Bugtraq mailing list archives
Chatty improper input sanitizing
From: zerogue () gmail com
Date: 22 May 2006 19:06:25 -0000
Chatty improper input sanitizing

Discovered by: Nomenumbra
Date: 21/5/2006
Impact: moderate (possible defacement)

Chatty is a PHP-based chat script allowing users to chat over the web. Subscribing with a username like this:

<script>alert(%22xss%22)</script>

would cause major XSS in the chatroom.

Nomenumbra
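The class of bug reported above, shown as an added example that is not part of the original post and is not Chatty's code: a chat line built by concatenating the stored username into HTML, next to the same line with output encoding and a sign-up allowlist. All function names and the username policy are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: the username from the advisory, decoded the way PHP
// decodes request parameters (%22 becomes a double quote).
$submitted = rawurldecode('<script>alert(%22xss%22)</script>');

// Hypothetical "before": the name is concatenated into the chat line as-is,
// so every browser showing the room parses it as markup.
function render_line_unsafe(string $user, string $msg): string
{
    return "<li><b>$user</b>: $msg</li>";
}

// Output encoding: escape every user-controlled value at the point where it
// is written into the page. ENT_QUOTES also covers attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened rendering: both the name and the message text are encoded.
function render_line_safe(string $user, string $msg): string
{
    return '<li><b>' . h($user) . '</b>: ' . h($msg) . '</li>';
}

// Second layer at sign-up: an allowlist of characters and a length bound
// (the exact policy here is an assumption, not taken from the advisory).
function is_valid_username(string $user): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{3,20}\z/', $user) === 1;
}

// Compare what reaches the browser in each case.
echo render_line_unsafe($submitted, 'hi'), "\n";
echo render_line_safe($submitted, 'hi'), "\n";

// The advisory's username fails the allowlist; an ordinary name passes.
var_dump(is_valid_username($submitted));
var_dump(is_valid_username('Nomenumbra'));
```

Encoding on output is the control that closes the hole; the allowlist only narrows what can be stored and does not protect names already in the database.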