Crafty Syntax Live Help 2.7.3 - Multiple HTML Injection Vulnerabilities

2014-07-01T00:00:00
ID SSV:77902
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

source: http://www.securityfocus.com/bid/10463/info

CSLH is prone to multiple HTML injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. The problem presents itself in various modules of the application and can allow remote attackers to inject HTML code into the name field and in chat sessions for live help.

Crafty Syntax Live Help 2.7.3 and prior versions are prone to these issues.

window.location("http://www.cgisecurity.com/articles/xss-faq.shtml");
window.location("http://livehelp.someisp.com/livehelp/operators.php?remove=1")
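The fix for this class of issue is to encode the name field and chat text for the HTML context at output time. The following PHP sketch is an added example, not code from CSLH or from the original advisory; the function names, the sample inputs and the assumption that the `remove` action in `operators.php` changes state on a plain GET request are all hypothetical.

```php
<?php
// Added example, not CSLH code. All function names here are hypothetical.

// Vulnerable pattern: user-supplied fields are concatenated into markup as-is,
// so any tags in the name or message become part of the operator's page.
function render_chat_line_unsafe(string $name, string $message): string
{
    return '<div class="line"><b>' . $name . ':</b> ' . $message . '</div>';
}

// Encode for the HTML context. ENT_QUOTES also covers attribute values,
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every user-supplied field is encoded when it is rendered.
function render_chat_line(string $name, string $message): string
{
    return '<div class="line"><b>' . h($name) . ':</b> ' . h($message) . '</div>';
}

// Defense in depth for state-changing operator actions (assumed here to be
// what "remove=1" does): accept them only as POST with a per-session token.
// This does not replace output encoding, since injected script running in
// the operator's page could read the token.
function is_allowed_state_change(string $method, string $sessionToken, string $submitted): bool
{
    return $method === 'POST'
        && $sessionToken !== ''
        && hash_equals($sessionToken, $submitted);
}

// Constructed sample input: markup in the name field, and the advisory's
// first redirect line wrapped in a constructed <script> element as the message.
$name    = '<i>visitor</i>';
$message = '<script>window.location("http://www.cgisecurity.com/articles/xss-faq.shtml");</script>';

echo render_chat_line_unsafe($name, $message), "\n"; // tags reach the page intact
echo render_chat_line($name, $message), "\n";        // tags arrive as &lt;...&gt; text

$token = bin2hex(random_bytes(16));                  // stand-in for a session-bound token
var_dump(is_allowed_state_change('GET', $token, ''));      // bool(false)
var_dump(is_allowed_state_change('POST', $token, $token)); // bool(true)
```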