Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| X7 Group | X7 Chat | 2.0.4 |
Related Weaknesses (CWE)
References
- http://osvdb.org/38745
- http://osvdb.org/38746
- http://packetstorm.linuxsecurity.com/0711-exploits/x7-xss.txt
- http://secunia.com/advisories/27677Vendor Advisory
- http://www.securityfocus.com/bid/26417Exploit
- http://osvdb.org/38745
- http://osvdb.org/38746
- http://packetstorm.linuxsecurity.com/0711-exploits/x7-xss.txt
- http://secunia.com/advisories/27677Vendor Advisory
- http://www.securityfocus.com/bid/26417Exploit
FAQ
What is CVE-2007-5982?
CVE-2007-5982 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sou...
How severe is CVE-2007-5982?
CVE-2007-5982 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5982?
Check the references section above for vendor advisories and patch information. Affected products include: X7 Group X7 Chat.