RSS   Vulnerabilities for 'Mm chat'   RSS

2008-07-02
 
CVE-2008-2974

CWE-22
 
 
Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter.

 
 
CVE-2008-2973

CWE-79
 
 
Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters.

 

Copyright 2024, cxsecurity.com

 

Back to Top