Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Chatty improper input sanitizing

From: zerogue () gmail com
Date: 22 May 2006 19:06:25 -0000
Chatty improper input sanitizing

Discovered by: Nomenumbra
Date: 21/5/2006
impact:moderate (possible defacement)

Chatty is a PHP-based chatscript allowing users to chat over the web.
Subscribing with a username like this: <script>alert(%22xss%22)</script>
would cause major xss in the chatroom.

Nomenumbra
Previous By Date Next
Previous By Thread Next

Current thread: