Vulnerabilities > X7 Group > X7 Chat > 2.0.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-13 | CVE-2008-6964 | SQL Injection vulnerability in X7 Group X7 Chat 2.0.5 SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field. | 7.5 |
2007-11-15 | CVE-2007-5982 | Cross-Site Scripting vulnerability in X7 Group X7 Chat 2.0.4/2.0.5 Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php. | 4.3 |