PT-2015-3623 · Phponlinechat · Phponlinechat
Published
2015-01-13
·
Updated
2017-09-08
·
CVE-2014-100017
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
PhpOnlineChat version 3.0
Description
The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the
message field in the canned opr.php file.Recommendations
For PhpOnlineChat version 3.0, consider validating and sanitizing user input in the
message field to prevent arbitrary web script or HTML injection. As a temporary workaround, restrict access to the canned opr.php file until a patch is available.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phponlinechat