Vulnerabilities > Phpopenchat

DATE CVE VULNERABILITY TITLE RISK
2005-08-10 CVE-2005-2545 HTML Injection vulnerability in PHPopenchat 3.0.2
Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content parameter to profile.php and profile_misc.php, (3) the profile fields in userpage.php, (4) subject or (5) body in mail.php, or (8) disinvited_chatter or (7) invited_chatter parameter to invite.php.
network
phpopenchat
4.3
2005-05-02 CVE-2005-0863 HTML Injection vulnerability in PHPopenchat 3.0.0/3.0.1/3.0.2
Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php.
network
phpopenchat
4.3
2005-05-02 CVE-2005-0862 Remote File Include vulnerability in PHPopenchat 2.3.4/3.0.1
Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php.
network
low complexity
phpopenchat
7.5