Vulnerabilities > CVE-2005-1189 - Cross-Site Scripting vulnerability in Webcamxp Pro
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites. The vulnerability has reportedly been fixed in the beta version 2.16.478.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses : XSS |
| NASL id | WEBCAMXP_CHAT_XSS.NASL |
| description | The remote host is running a version of webcamXP, a webcam software package and integrated web server for Windows, that suffers from an HTML injection flaw in its chat feature. An attacker can exploit this flaw by injecting malicious HTML and script code through the nickname field to redirect chat users to arbitrary sites, steal authentication cookies, and the like. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 18122 |
| published | 2005-04-22 |
| reporter | This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/18122 |
| title | WebcamXP Chat Name XSS |