info
discussion
exploit
solution
references
E107 Website System Chatbox Plugin HTML Injection Vulnerability
An exploit is not required.
Place the following into the Chatbox:
<script>alert("xss vuln found by ssteam")</script>
Privacy Statement
Copyright 2010, SecurityFocus