WordPress Plugin PHPFreeChat - 'url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/54332/info PHPFreeChat is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
WordPress PHPFreeChat Plugin 0.2.8 - Cross Site Scripting
WordPress PHPFreeChat plugin's "url" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...
WordPress Plugin PHPFreeChat - url Cross-Site Scripting
WordPress Plugin PHPFreeChat - url Cross-Site Scripting source: https://www.securityfocus.com/bid/54332/info PHPFreeChat is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
CVE-2011-3777
phpFreeChat 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/zilveer/style.css.php and certain other files...
Information disclosure
phpFreeChat 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/zilveer/style.css.php and certain other files...
CVE-2011-3777
phpFreeChat 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/zilveer/style.css.php and certain other files...
CVE-2011-3777
CVE-2011-3777 affects phpFreeChat 1.3. The vulnerability allows remote attackers to disclose sensitive information by directly requesting a .php file, causing an error message that reveals the installation path (e.g., themes/zilveer/style.css.php and related files). The reports do not provide exp...
Session fixation
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the sessionid parameter to match the victim's nickid parameter...
CVE-2008-3428
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the sessionid parameter to match the victim's nickid parameter...
CVE-2008-3428
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the sessionid parameter to match the victim's nickid parameter...
CVE-2008-3428
The CVE-2008-3428 entry concerns phpFreeChat 1.1, where a vulnerability in session handling allows a remote authenticated user to hijack another user’s session by setting the session_id parameter to match the victim’s nickid. This is a session fixation flaw with potential for partial confidential...
PHPFreeChat 1.1 - demo21_with_hardocded_urls.php Cross-Site Scripting
PHPFreeChat 1.1 - demo21_with_hardocded_urls.php Cross-Site Scripting source: https://www.securityfocus.com/bid/30292/info phpFreeChat is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execu...
PHPFreeChat 1.1 - 'demo21_with_hardocded_urls.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/30292/info phpFreeChat is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...