CVE-2007-5982

Name of the Vulnerable Software and Affected Versions X7 Chat versions 2.0.4 through 2.0.5

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected API endpoints include "sources/frame.php", "help/index.php", and "upgradev1.php". The vulnerable parameters are the room parameter, the theme c parameter, and the INSTALL X7CHATVERSION parameter.

Recommendations For X7 Chat versions 2.0.4 and 2.0.5, consider disabling access to the "sources/frame.php", "help/index.php", and "upgradev1.php" endpoints until a patch is available. Restrict the use of the room, theme c, and INSTALL X7CHATVERSION parameters in these endpoints to minimize the risk of exploitation.