Chatty improper input sanitizing

2006.05.27

Credit: zerogue gmail com

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-2606

CWE: CWE-Other

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

Chatty improper input sanitizing

Discovered by: Nomenumbra

Date: 21/5/2006

impact:moderate (possible defacement)

Chatty is a PHP-based chatscript allowing users to chat over the web.

Subscribing with a username like this: <script>alert(%22xss%22)</script>

would cause major xss in the chatroom.

Nomenumbra

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Chatty improper input sanitizing

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Chatty improper input sanitizing

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.