<<< Date Index >>>     <<< Thread Index >>>

Chatty improper input sanitizing



Chatty improper input sanitizing

Discovered by: Nomenumbra
Date: 21/5/2006
impact:moderate (possible defacement)

Chatty is a PHP-based chatscript allowing users to chat over the web.
Subscribing with a username like this: <script>alert(%22xss%22)</script>
would cause major xss in the chatroom.

Nomenumbra