CVE-2006-3366

Name of the Vulnerable Software and Affected Versions V3 Chat (affected versions not specified)

Description The issue allows remote attackers to inject arbitrary web script or HTML via crafted HTML tags. This can be achieved through various parameters in different PHP files, including the id parameter in mail/index.php and mail/reply.php, the login id parameter in members/is online.php, the site id parameter in messenger/online.php, messenger/search.php, and messenger/profile.php, the contact name parameter in messenger/search.php, the membername parameter in messenger/profileview.php, unspecified parameters when editing a profile, and the cust name parameter in messenger/expire.php. Note that the vendor disputes the involvement of files in the messenger directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.