CVE-2005-1619

Phpheaven Phpmychat - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. NOTE: it was later reported that 0.14.5 is also affected.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Megasky · textwebappsphp

https://www.exploit-db.com/exploits/25660

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Megasky · textwebappsphp

https://www.exploit-db.com/exploits/25659

View Code ZIP pw:eip

References (4)

[Mailing List] http://marc.info/?l=bugtraq&m=111602076500031&w=2

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/484575/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/13627

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/13628

Scores

EPSS 0.0399

EPSS Percentile 88.2%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

phpheaven/phpmychat

Timeline

Published May 16, 2005

Tracked Since Feb 18, 2026