CVE-2007-5982

X7 Chat 2.0.4-2.0.5 - Cross-Site Scripting via Room Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-5982. PoCs published by ShAy6oOoN.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in X7 Chat 2.0.4, where user-supplied input is not sufficiently sanitized. The example demonstrates an XSS payload injected via the 'INSTALL_X7CHATVERSION' parameter in 'upgradev1.php'.

Description

Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by ShAy6oOoN · textwebappsphp
https://www.exploit-db.com/exploits/30758

The provided text describes a cross-site scripting (XSS) vulnerability in X7 Chat 2.0.4, where user-supplied input is not sufficiently sanitized. The example demonstrates an XSS payload injected via the 'INSTALL_X7CHATVERSION' parameter in 'upgradev1.php'.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: X7 Chat 2.0.4
No auth needed
Prerequisites: Access to the vulnerable endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ShAy6oOoN · textwebappsphp
https://www.exploit-db.com/exploits/30757

The provided text describes a cross-site scripting (XSS) vulnerability in X7 Chat 2.0.4, where user-supplied input is not sufficiently sanitized. The example demonstrates a simple XSS payload injected via the 'room' parameter in the URL.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: X7 Chat 2.0.4
No auth needed
Prerequisites: Access to the vulnerable application URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38745
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38746
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27677
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26417

Scores

EPSS 0.0305
EPSS Percentile 85.9%

Details

CWE
CWE-79
Status published
Products (2)
x7_group/x7_chat 2.0.4
x7_group/x7_chat 2.0.5
Published Nov 15, 2007
Tracked Since Feb 18, 2026