CVE-2005-3991
phpMyChat 0.14.6 - Cross-Site Scripting via Medium or From Parameter
Title source: llmExploitation Summary
EIP tracks 3 public exploits for CVE-2005-3991. PoCs published by Louis Wang.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpMyChat 0.14.5 by injecting a script tag into the 'From' parameter of the users_popupL.php endpoint. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to (1) start_page.css.php and (2) style.css.php; or the From parameter to users_popupL.php.
Exploits (3)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpMyChat 0.14.5 by injecting a script tag into the 'From' parameter of the users_popupL.php endpoint. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpMyChat 0.14.5 by injecting arbitrary JavaScript code via the 'medium' parameter in the style.css.php file. The vulnerability arises due to insufficient input sanitization, allowing script execution in the context of the affected site.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpMyChat 0.14.5 by injecting arbitrary JavaScript code via the 'medium' parameter in the 'start_page.css.php' file. The vulnerability arises due to insufficient input sanitization.