PT-2014-6388 · Pro Chat Rooms · Pro Chat Rooms Text Chat Rooms

Mike Manzotti · Published 2014-10-20 · Updated 2017-09-08 · CVE-2014-5276

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Pro Chat Rooms Text Chat Rooms version 8.2.0

Description

The issue allows remote authenticated users to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This can be achieved via two methods: (1) uploading a malicious profile picture or (2) manipulating the edit parameter in the profiles/index.php API endpoint.

Recommendations

For Pro Chat Rooms Text Chat Rooms version 8.2.0, consider disabling the profile picture upload feature and restricting access to the profiles/index.php endpoint until a patch is available. Avoid using the edit parameter in the profiles/index.php endpoint to minimize the risk of exploitation.

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2014-5276

Affected products

Pro Chat Rooms Text Chat Rooms