X7 Group: >> X7 Chat >> 2.0.5 Security Vulnerabilities
SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field.
CVSS Score
7.5
EPSS Score
0.003
Published
2009-08-13
Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.
CVSS Score
4.3
EPSS Score
0.044
Published
2007-11-15