EUVD-2008-1505

Malware in sbrugna...

Cross site scripting

Cross-site scripting XSS vulnerability in setup.php3 in phpHeaven phpMyChat 0.14.5 allows remote attackers to inject arbitrary web script or HTML via the Lang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2008-1504

The CVE-2008-1504 entry concerns a Cross-site Scripting (XSS) vulnerability in the setup.php3 component of phpHeaven phpMyChat 0.14.5. The issue is triggered by untrusted input in the Lang parameter, allowing remote attackers to inject arbitrary web-script/HTML. The description and references ind...

CVE-2004-2718

PHPMyChat 0.14.5 is affected by CVE-2004-2718: an issue where setup.php3 is not removed or protected after installation, allowing direct requests to reveal sensitive information such as database passwords. Impact is partial confidentiality loss as described; no exploitation details or active expl...

CVE-2004-2718

PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request...