PT-2007-2251 · Flashchat · Flashchat
Binaryloc
·
Published
2007-02-07
·
Updated
2018-10-16
·
CVE-2007-0807
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
flashChat version 4.7.8
Description
A cross-site scripting (XSS) issue exists due to improper handling of the channel title, also known as the room name, by the "who's online" feature. This allows remote attackers to inject arbitrary web script or HTML.
Recommendations
For flashChat version 4.7.8, ensure that user input for channel titles is properly sanitized to prevent XSS attacks. As a temporary workaround, consider restricting the ability to create or edit channel titles until a fix is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Flashchat