Vulnerabilities > CVE-2005-3991 - Cross-Site Scripting vulnerability in PHPheaven PHPmychat 0.14.6

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
phpheaven
exploit available
NVD
Published: 2005-12-04
Updated: 2018-10-19

Summary

Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to (1) start_page.css.php and (2) style.css.php; or the From parameter to users_popupL.php.

Vulnerable Configurations

Part Description Count
Application
Phpheaven
1

Exploit-Db

  • descriptionphpMyChat 0.14.6 style.css.php medium Parameter XSS. CVE-2005-3991. Webapps exploit for php platform
    idEDB-ID:26695
    last seen2016-02-03
    modified2005-12-01
    published2005-12-01
    reporterLouis Wang
    sourcehttps://www.exploit-db.com/download/26695/
    titlephpMyChat 0.14.6 style.css.php medium Parameter XSS
  • descriptionphpMyChat 0.14.6 start_page.css.php medium Parameter XSS. CVE-2005-3991. Webapps exploit for php platform
    idEDB-ID:26694
    last seen2016-02-03
    modified2005-12-01
    published2005-12-01
    reporterLouis Wang
    sourcehttps://www.exploit-db.com/download/26694/
    titlephpMyChat 0.14.6 start_page.css.php medium Parameter XSS
  • descriptionphpMyChat 0.14.6 users_popupL.php From Parameter XSS. CVE-2005-3991. Webapps exploit for php platform
    idEDB-ID:26696
    last seen2016-02-03
    modified2005-12-01
    published2005-12-01
    reporterLouis Wang
    sourcehttps://www.exploit-db.com/download/26696/
    titlephpMyChat 0.14.6 users_popupL.php From Parameter XSS

References