PT-2014-6388 · Pro Chat Rooms · Pro Chat Rooms Text Chat Rooms

Mike Manzotti

Published

2014-10-20

Updated

2017-09-08

CVE-2014-5276

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Pro Chat Rooms Text Chat Rooms version 8.2.0

Description The issue allows remote authenticated users to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This can be achieved via two methods: (1) uploading a malicious profile picture or (2) manipulating the edit parameter in the profiles/index.php API endpoint.

Recommendations For Pro Chat Rooms Text Chat Rooms version 8.2.0, consider disabling the profile picture upload feature and restricting access to the profiles/index.php endpoint until a patch is available. Avoid using the edit parameter in the profiles/index.php endpoint to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2014-5276

Affected Products

Pro Chat Rooms Text Chat Rooms

PT-2014-6388 · Pro Chat Rooms · Pro Chat Rooms Text Chat Rooms

CVE-2014-5276

Weakness Enumeration

Related Identifiers

Affected Products

References · 7