Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) txtUsername parameter to registerDo.asp, as invoked from register.asp, or (2) txtRoomName parameter to room_new.asp. NOTE: these issues might be resultant from XSS in SQL error messages.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Natterchat | Natterchat | 1.12 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0461.htmlExploit
- http://osvdb.org/51985
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46768
- http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0461.htmlExploit
- http://osvdb.org/51985
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46768
FAQ
What is CVE-2008-7048?
CVE-2008-7048 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) txtUsername parameter to registerDo.asp, as invoked fro...
How severe is CVE-2008-7048?
CVE-2008-7048 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-7048?
Check the references section above for vendor advisories and patch information. Affected products include: Natterchat Natterchat.