CVE-2005-1619

PHPMyChat 0.14.5 - Cross-Site Scripting via FontName Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1619. PoCs published by Megasky.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpMyChat due to improper sanitization of user-supplied input in the 'FontName' parameter. The PoC shows how arbitrary JavaScript can be executed in the context of the affected site.

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. NOTE: it was later reported that 0.14.5 is also affected.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Megasky · textwebappsphp
https://www.exploit-db.com/exploits/25660

This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpMyChat due to improper sanitization of user-supplied input in the 'FontName' parameter. The PoC shows how arbitrary JavaScript can be executed in the context of the affected site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: phpMyChat (version not specified)
No auth needed
Prerequisites: Access to the vulnerable phpMyChat instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Megasky · textwebappsphp
https://www.exploit-db.com/exploits/25659

This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpMyChat due to improper input sanitization. The PoC shows how arbitrary script code can be executed in the context of the affected site via a crafted URL.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: phpMyChat (version not specified)
No auth needed
Prerequisites: Access to the target application's URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13627
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/484575/100/0/threaded
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111602076500031&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13628

Scores

EPSS 0.0174
EPSS Percentile 74.9%

Details

CWE
CWE-79
Status published
Products (1)
phpheaven/phpmychat 0.14.5
Published May 16, 2005
Tracked Since Feb 18, 2026