PT-2023-10157 · Unknown · Cention-Chatserver
Published
2023-02-21
·
Updated
2024-05-17
·
CVE-2014-125089
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
cention-chatserver version 3.8.0-rc1
Description
A vulnerability was found in the function
formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross-site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue.Recommendations
For cention-chatserver version 3.8.0-rc1, upgrade to version 3.9 to address the issue. As a temporary workaround, consider restricting the use of the
formatBody function until the patch is applied.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cention-Chatserver