Vulnerability Details CVE-2006-3971
Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.5%
CVSS Severity
CVSS v2 Score 6.8
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0716.html
- http://secunia.com/advisories/21286
- http://www.osvdb.org/27643
- http://www.securityfocus.com/bid/19238
- http://www.vupen.com/english/advisories/2006/3064
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28086
- http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0716.html
- http://secunia.com/advisories/21286
- http://www.osvdb.org/27643
- http://www.securityfocus.com/bid/19238
- http://www.vupen.com/english/advisories/2006/3064
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28086
Products affected by CVE-2006-3971
-
cpe:2.3:a:scott_weedon:ajax_chat:0.1