Bugtraq mailing list archives
X7Chat <= 2.0.2 avatar XSS injection
From: zerogue () gmail com
Date: 6 May 2006 12:57:19 -0000
X7Chat <= 2.0.2 avatar XSS injection Discovered by: Nomenumbra Date: 6/4/2006 impact:moderate (privilege escalation,possible defacement) X7Chat versions 2.0.2 and below are prone to XSS injection in a user's avatar. By setting this as the url of your avatar: javascript:alert('xss') you'd have some good ol' XSS Nomenumbra/[0x4F4C]
Current thread:
- X7Chat <= 2.0.2 avatar XSS injection zerogue (May 06)