Pro Chat Rooms: Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.
CVSS Score
3.5
EPSS Score
0.008
Published
2014-10-20
SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the gud parameter to (1) profiles/index.php and (2) profiles/admin.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-11-14