phpFreeChat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
phpFreeChat 1.3 is vulnerable; other versions may also be affected.
(С)http://www.securityfocus.com/bid/45330/info
Cross Site Scripting Vulnerability
Moderators: OldWolf, re*s.t.a.r.s.*2
2 posts
• Page 1 of 1
by Daizz » Tue Jan 04, 2011 10:41 am
Input passed via the "cmd" parameter to index.php (when "pfc_ajax" is set and "f" is set to "handleRequest") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
(с)http://secunia.com/advisories/42437/
(с)http://secunia.com/advisories/42437/
- Daizz
- New member
- Posts: 2
- Joined: Tue Jan 04, 2011 10:26 am
2 posts
• Page 1 of 1
Return to General Support (v1.x)
Who is online
Users browsing this forum: No registered users and 21 guests
