CVE-2013-5952

Name of the Vulnerable Software and Affected Versions Joomla! Freichat (com freichat) component versions prior to 9.4

Description The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters to certain PHP files. This can be achieved by manipulating the id or xhash parameter to client/chat.php or the toname parameter to client/plugins/upload/upload.php.

Recommendations For versions prior to 9.4, consider restricting access to the client/chat.php and client/plugins/upload/upload.php files until a fix is available. As a temporary workaround, avoid using the id, xhash, and toname parameters in the affected API endpoints.