Title: Chatness Message Form Field HTML Injection Vulnerability
Severity: MODERATE
Description:
Chatness is a web-based chat system.
Chatness is prone to an HTML injection vulnerability. This issue is exposed through various chat message form fields. The source of the vulnerability is that input supplied to affected form fields is not adequately sanitized before being sent to other users in chat messages. The 'user' and 'message' fields are known to be affected. It is conjectured that the 'user' field may not present a viable attack, as the malicious message may not be delivered to another user if it contains HTML and script code.
Exploitation will allow an attacker to inject hostile HTML and script code into the session of another user. An attacker could take advantage of this vulnerability to steal cookie-based authentication credentials or launch other attacks.
Affected Products:
- Chatness Chatness 2.5.0
- Chatness Chatness 2.5.1
References:
- Chatness: Chatness Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
