Chatty improper input sanitizing May 22 2006 07:06PM
zerogue gmail com

Discovered by: Nomenumbra

Date: 21/5/2006

Impact: moderate (possible defacement)

Chatty is a PHP-based chatscript allowing users to chat over the web.

Subscribing with a username like this: <script>alert(%22xss%22)</script>

would cause major XSS in the chatroom.

Nomenumbra
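
The fix for the issue reported above, as an added example that is not part of the original post and is not Chatty's own code: an allow-list check when the username is registered, and HTML encoding whenever a stored name or message is written into the chatroom page. All function names here are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; Chatty's real function names are not shown in the post.

// Registration-time check: allow-list of characters plus a length bound.
// \A and \z anchor the whole string, so a trailing newline cannot slip through.
function is_valid_username(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_\-]{3,20}\z/', $name) === 1;
}

// Before: the stored name is concatenated into the page unescaped,
// so any markup in it is interpreted by every visitor's browser.
function render_line_unsafe(string $user, string $msg): string
{
    return "<li><b>$user</b>: $msg</li>";
}

// Encode a user-controlled value for the HTML body/attribute context.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every user-controlled value is encoded at output time, which
// also covers names stored before the registration check existed.
function render_line_safe(string $user, string $msg): string
{
    return '<li><b>' . e($user) . '</b>: ' . e($msg) . '</li>';
}

// The username from the post, with %22 URL-decoded to a double quote.
$name = urldecode('<script>alert(%22xss%22)</script>');

var_dump(is_valid_username($name));          // allow-list check on the posted name
echo render_line_unsafe($name, 'hi'), "\n";  // unescaped rendering (the reported behaviour)
echo render_line_safe($name, 'hi'), "\n";    // encoded rendering
```

Output encoding is the control that closes the hole; the registration check only narrows what can be stored in the first place.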
