Vulnerabilities > X7 Group > X7 Chat > 2.0.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-11-15 | CVE-2007-5982 | Cross-Site Scripting vulnerability in X7 Group X7 Chat 2.0.4/2.0.5 Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php. | 4.3 |
2006-07-25 | CVE-2006-3851 | SQL Injection vulnerability in X7 Group X7 Chat 2.0/2.0.2/2.0.4 SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter. | 7.5 |