ID: OSVDB:16770
Type: osvdb
Reporter: Megasky (magasky@hotmail.com)
Modified: 2005-05-13T00:00:00
Description
Vulnerability Description
phpMyChat contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'FontName' variable when it is submitted to the 'style.css.php3' script. A user could create a specially crafted URL that executes arbitrary script code in another user's browser, within the trust relationship between that browser and the server, leading to a loss of integrity.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Vendor URL: http://phpmychat.sourceforge.net/rubrique.php3?id_rubrique=29
Secunia Advisory ID: 11894
Related OSVDB ID: 16769
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0180.html
ISS X-Force ID: 20591
CVE-2005-1619
Bugtraq ID: 13628