{"type": "osvdb", "published": "2005-05-13T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:16770", "hashmap": [{"key": "affectedSoftware", "hash": "6c6014ebd8cfba2278f16ccd5c675ccb"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "f1bf4b7ecaa1e7cc6b0c6aabd2c07972"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "f7f81f2c173014bce3e31320cc11795b"}, {"key": "href", "hash": "5ae398bfba3e2dc0e1dce017188d8bda"}, {"key": "modified", "hash": "74329e3297c7a5bb846901b42162fdfc"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "74329e3297c7a5bb846901b42162fdfc"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "8d4fcaa807908f3205f824fcd00d009a"}, {"key": "title", "hash": "9c083f194136571440d9f8b9ef1bc4f0"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 4.3}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "Megasky(magasky@hotmail.com)", "title": "phpMyChat style.css.php3 FontName Variable XSS", "affectedSoftware": [{"operator": "eq", "version": "0.14.5", "name": "phpMyChat"}], "enchantments": {"vulnersScore": 4.3}, "references": [], "id": "OSVDB:16770", "hash": "3eb33308cbea773228403564e859b1da33833997e4bbe27c0d963086ff951a25", "lastseen": "2017-04-28T13:20:13", "cvelist": ["CVE-2005-1619"], "modified": "2005-05-13T00:00:00", "description": "## Vulnerability Description\nphpMyChat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'FontName' variable upon submission to the 'style.css.php3' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpMyChat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'FontName' variable upon submission to the 'style.css.php3' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/chat/config/style.css.php3?Charset=iso-8859-1&medium=10&FontName=<script>var%20test=1;alert(test);</script>\n## References:\nVendor URL: http://phpmychat.sourceforge.net/rubrique.php3?id_rubrique=29\n[Secunia Advisory ID:11894](https://secuniaresearch.flexerasoftware.com/advisories/11894/)\n[Related OSVDB ID: 16769](https://vulners.com/osvdb/OSVDB:16769)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0180.html\nISS X-Force ID: 20591\n[CVE-2005-1619](https://vulners.com/cve/CVE-2005-1619)\nBugtraq ID: 13628\n"}

{"result": {"cve": [{"id": "CVE-2005-1619", "type": "cve", "title": "CVE-2005-1619", "description": "Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. NOTE: it was later reported that 0.14.5 is also affected.", "published": "2005-05-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1619", "cvelist": ["CVE-2005-1619"], "lastseen": "2017-04-18T15:51:10"}], "exploitdb": [{"id": "EDB-ID:25659", "type": "exploitdb", "title": "PHPHeaven PHPMyChat 0.14.5 Start-Page.CSS.PHP3 - Cross-Site Scripting Vulnerability", "description": "PHPHeaven PHPMyChat 0.14.5 Start-Page.CSS.PHP3 Cross-Site Scripting Vulnerability. CVE-2005-1619. Webapps exploit for php platform", "published": "2005-05-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/25659/", "cvelist": ["CVE-2005-1619"], "lastseen": "2016-02-03T01:52:55"}, {"id": "EDB-ID:25660", "type": "exploitdb", "title": "PHPHeaven PHPMyChat 0.14.5 Style.CSS.PHP3 - Cross-Site Scripting Vulnerability", "description": "PHPHeaven PHPMyChat 0.14.5 Style.CSS.PHP3 Cross-Site Scripting Vulnerability. CVE-2005-1619. Webapps exploit for php platform", "published": "2005-05-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/25660/", "cvelist": ["CVE-2005-1619"], "lastseen": "2016-02-03T01:53:02"}], "osvdb": [{"id": "OSVDB:16769", "type": "osvdb", "title": "phpMyChat start-page.css.php3 FontName Variable XSS", "description": "## Vulnerability Description\nphpMyChat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'FontName' variable upon submission to the 'start-page.css.php3' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpMyChat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'FontName' variable upon submission to the 'start-page.css.php3' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/chat/config/start-page.css.php3?Charset=iso-8859-1&medium=10&FontName=<script>var%20test=1;alert(test);</script>\n## References:\nVendor URL: http://phpmychat.sourceforge.net/rubrique.php3?id_rubrique=29\n[Secunia Advisory ID:11894](https://secuniaresearch.flexerasoftware.com/advisories/11894/)\n[Related OSVDB ID: 16770](https://vulners.com/osvdb/OSVDB:16770)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0180.html\nISS X-Force ID: 20591\n[CVE-2005-1619](https://vulners.com/cve/CVE-2005-1619)\nBugtraq ID: 13627\n", "published": "2005-05-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:16769", "cvelist": ["CVE-2005-1619"], "lastseen": "2017-04-28T13:20:13"}]}}