Title: WebChat Users.PHP Cross-Site Scripting Vulnerability
Severity: MODERATE
Description:
WebChat is a web based chat module designed for use with PHP-Nuke.
WebChat has been reported prone to a cross-site scripting vulnerability.
WebChat does not adequately filter script code from URI parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the WebChat 'users.php' script. The code contained in the 'username' URI parameter may be executed in the browser of the web user who visits the link. Code will be executed in the security context of the system running the WebChat Module.
This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.
This vulnerability was reported to affect WebChat version 2.0 other versions may also be affected.
Affected Products:
- WebChat WebChat 2.0.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
