4 matches found
CVE-2007-5982
Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) themec parameter to help/index.php, or the (3) INSTALLX7CHATVERSION parameter to...
CVE-2006-3851
SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter...
CVE-2006-3851
The CVE-2006-3851 entry covers an SQL injection in upgradev1.php for X7 Chat 2.0.4 and earlier, exploitable via the old_prefix parameter to execute arbitrary SQL commands remotely. Affected product: X7 Chat (PHP-based web chat). Root cause: improper sanitization of the old_prefix input before use...
X7 Chat upgradev1.php old_prefix Parameter SQL Injection
The remote host is running X7 Chat, a web-based chat program written in PHP. The version of X7 Chat installed on the remote host fails to properly sanitize input to the 'old_prefix' parameter of the 'upgradev1.php' script before using it in a database query. This may allow an unauthenticated...