Description
Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks.
Affected products
- adventia / adventia_chat3.1 – 3.1
- adventia / adventia_server_pro3.0 – 3.0
References
- MISChttp://www.securityfocus.com/bid/12927
- MISChttp://www.securityfocus.com/bid/12940
- VENDOR_ADVISORYhttp://exploitlabs.com/files/advisories/EXPL-A-2005-003-adventiachat.txt
- MISChttp://securitytracker.com/id?1013588
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/21317
- MAILING_LISThttp://marc.info/?l=full-disclosure&m=111211930330410&w=2
- MISChttp://www.osvdb.org/15156