PT-2006-3590 · Chatpat · Chatpat

Luny

Publicado

2006-05-30

Atualizado

2018-10-18

CVE-2006-2670

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions ChatPat version 1.0

Description The issue allows remote attackers to inject arbitrary web script or HTML via a chat message. This is possible through vulnerabilities in the fastchat.php and fastshow.php files.

Recommendations For ChatPat version 1.0, consider disabling the chat functionality until a patch is available to prevent exploitation of the XSS vulnerabilities in fastchat.php and fastshow.php. Restrict access to these files to minimize the risk of arbitrary web script or HTML injection.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-2670

Produtos afetados

Chatpat

PT-2006-3590 · Chatpat · Chatpat

CVE-2006-2670

Identificadores relacionados

Produtos afetados

Referências · 6