CVE-2014-5276

PRO Chat Rooms Text Chat Rooms - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.

Exploits (1)

exploitdb WORKING POC

by Mike Manzotti · textwebappsphp

https://www.exploit-db.com/exploits/34275

View Code ZIP pw:eip

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/95125

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/95126

Exploit x_refsource_misc

http://packetstormsecurity.com/files/127775/Pro-Chat-Rooms-8.2.0-XSS-Shell-Upload-SQL-Injection.html

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2014-08/0026.html

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/34275

Scores

EPSS 0.0081

EPSS Percentile 74.3%

Details

CWE

CWE-79

Status published

Products (1)

pro_chat_rooms/text_chat_rooms 8.2.0

Published Oct 20, 2014

Tracked Since Feb 18, 2026