MM Chat Local File Include and Multiple Cross Site Scripting Vulnerabilities
MM Chat is prone to a local file-include and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may exploit the local file-include vulnerability to view files and execute local scripts in the context of the webserver process.
The attacker may also leverage the cross-site scripting issues to execute script code in an unsuspecting user's browser or to steal cookie-based authentication credentials; other attacks are also possible.
These issues affect MM Chat 1.5; other versions may also be vulnerable.