TUCoPS :: HP Unsorted X :: b06-2047.htm

X7chat <= 2.0.2 avatar xss injection
X7Chat <= 2.0.2 avatar XSS injection
X7Chat <= 2.0.2 avatar XSS injection


X7Chat <= 2.0.2 avatar XSS injection=0D
=0D
Discovered by: Nomenumbra=0D
Date: 6/4/2006=0D
impact:moderate (privilege escalation,possible defacement)=0D
=0D
X7Chat versions 2.0.2 and below are prone to XSS injection in a user's avatar.=0D
By setting this as the url of your avatar:=0D
=0D
javascript:alert('xss')=0D
=0D
you'd have some good ol' XSS=0D
=0D
Nomenumbra/[0x4F4C]

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH