CVE-2006-3366 - Input Validation vulnerability in V3 Chat V3 Chat Beta

CVSS 2.6 - LOW
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
network, high complexity, v3-chat, exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php. NOTE: The vendor disputes the vectors involving files in the messenger directory, stating "... the referenced folder 'messenger' was never available to the general public...".

Vulnerable Configurations

Part | Description | Count
Application | V3_Chat | 1

Exploit-Db

  • description: V3 Chat Instant Messenger search.php Multiple Parameter XSS. CVE-2006-3366. Webapps exploit for php platform
    id: EDB-ID:28071
    last seen: 2016-02-03
    modified: 2006-06-20
    published: 2006-06-20
    reporter: Luny
    source: https://www.exploit-db.com/download/28071/
    title: V3 Chat Instant Messenger - search.php Multiple Parameter XSS
  • description: V3 Chat Instant Messenger profile.php site_id Parameter XSS. CVE-2006-3366. Webapps exploit for php platform
    id: EDB-ID:28072
    last seen: 2016-02-03
    modified: 2006-06-20
    published: 2006-06-20
    reporter: Luny
    source: https://www.exploit-db.com/download/28072/
    title: V3 Chat Instant Messenger - profile.php site_id Parameter XSS
  • description: V3 Chat Instant Messenger profileview.php membername Parameter XSS. CVE-2006-3366. Webapps exploit for php platform
    id: EDB-ID:28073
    last seen: 2016-02-03
    modified: 2006-06-20
    published: 2006-06-20
    reporter: Luny
    source: https://www.exploit-db.com/download/28073/
    title: V3 Chat Instant Messenger - profileview.php membername Parameter XSS
  • description: V3 Chat Instant Messenger mail/index.php id Parameter XSS. CVE-2006-3366. Webapps exploit for php platform
    id: EDB-ID:28068
    last seen: 2016-02-03
    modified: 2006-06-20
    published: 2006-06-20
    reporter: Luny
    source: https://www.exploit-db.com/download/28068/
    title: V3 Chat Instant Messenger - mail/index.php id Parameter XSS
  • description: V3 Chat Instant Messenger mail/reply.php id Parameter XSS. CVE-2006-3366. Webapps exploit for php platform
    id: EDB-ID:28069
    last seen: 2016-02-03
    modified: 2006-06-20
    published: 2006-06-20
    reporter: Luny
    source: https://www.exploit-db.com/download/28069/
    title: V3 Chat Instant Messenger - mail/reply.php id Parameter XSS
  • description: V3 Chat Instant Messenger expire.php cust_name Parameter XSS. CVE-2006-3366. Webapps exploit for php platform
    id: EDB-ID:28074
    last seen: 2016-02-03
    modified: 2006-06-20
    published: 2006-06-20
    reporter: Luny
    source: https://www.exploit-db.com/download/28074/
    title: V3 Chat Instant Messenger - expire.php cust_name Parameter XSS
  • description: V3 Chat Instant Messenger online.php site_id Parameter XSS. CVE-2006-3366. Webapps exploit for php platform
    id: EDB-ID:28070
    last seen: 2016-02-03
    modified: 2006-06-20
    published: 2006-06-20
    reporter: Luny
    source: https://www.exploit-db.com/download/28070/
    title: V3 Chat Instant Messenger - online.php site_id Parameter XSS