Description
Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. NOTE: it was later reported that 0.14.5 is also affected.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Megasky · textwebappsphp
https://www.exploit-db.com/exploits/25660
exploitdb
WORKING POC
VERIFIED
by Megasky · textwebappsphp
https://www.exploit-db.com/exploits/25659
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13627
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/484575/100/0/threaded
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111602076500031&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13628
Scores
EPSS
0.0399
EPSS Percentile
88.5%
Details
CWE
CWE-79
Status
published
Products (1)
phpheaven/phpmychat
0.14.5
Published
May 16, 2005
Tracked Since
Feb 18, 2026