CVE-2009-1620

MataChat - Stored Cross-Site Scripting via Nickname and Color Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1620. PoCs published by Am!r.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in MataChat, where user-supplied input via the 'nickname' and 'color' parameters in 'input.php' is not properly sanitized. This allows arbitrary script execution in the context of the affected site.

Description

Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Am!r · textwebappsphp

https://www.exploit-db.com/exploits/32958

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in MataChat, where user-supplied input via the 'nickname' and 'color' parameters in 'input.php' is not properly sanitized. This allows arbitrary script execution in the context of the affected site.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: MataChat (version not specified)

No auth needed

Prerequisites: Access to the vulnerable MataChat instance · Ability to craft malicious URLs with XSS payloads

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/503014/100/0/threaded

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/34722

Scores

EPSS 0.0119

EPSS Percentile 63.9%

Details

CWE

CWE-79

Status published

Products (1)

mata/matachat

Published May 12, 2009

Tracked Since Feb 18, 2026