Description
Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action. NOTE: some of these details are obtained from third party information.
Exploits (1)
References (4)
Core 4
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/10354
Exploit x_refsource_misc
http://packetstormsecurity.org/0912-exploits/viscacha-xss.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54614
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37608
Scores
EPSS
0.0018
EPSS Percentile
39.8%
Details
CWE
CWE-79
Status
published
Products (1)
viscacha/viscacha
0.8 gold
Published
Jan 05, 2010
Tracked Since
Feb 18, 2026