Description
Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field).
Affected products
- astrodog_press / some_chess1.5_rc1 – 1.5_rc1
References
- MISChttp://securitytracker.com/id?1016360
- MISChttp://securityreason.com/securityalert/1162
- MISChttp://www.securityfocus.com/bid/18557
- MISChttp://www.securityfocus.com/archive/1/438009/100/0/threaded
- VENDOR_ADVISORYhttp://secunia.com/advisories/20770
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/27307