Test ID: | 1.3.6.1.4.1.25623.1.0.900331 |
Category: | Web application abuses |
Title: | Directory Traversal And XSS Vulnerability In Pro Chat Rooms |
Summary: | Pro Chat Rooms is prone to directory traversal and XSS vulnerabilities. |
Description: |
Summary: Pro Chat Rooms is prone to directory traversal and XSS vulnerabilities.

Vulnerability Insight:
- An error in the profiles/index.php and profiles/admin.php files allows remote attackers to inject arbitrary web script or HTML via the 'gud' parameter.
- An error in the sendData.php file allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the 'avatar' parameter.

Vulnerability Impact: Successful exploitation could result in a Directory Traversal, Cross-Site Scripting or Cross-Site Request Forgery attack by executing arbitrary HTML and script code on the affected application.

Affected Software/OS: Pro Chat Rooms version 3.0.3 and prior on all platforms.

Solution: Upgrade to Pro Chat Rooms version 6.0 or later.

CVSS Score: 4.6
CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-6501
BugTraq ID: 32758
http://www.securityfocus.com/bid/32758
https://www.exploit-db.com/exploits/7409
http://osvdb.org/50696
http://secunia.com/advisories/33088
XForce ISS Database: prochatrooms-index-xss(47241)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47241

Common Vulnerability Exposure (CVE) ID: CVE-2008-6502
http://osvdb.org/50697
XForce ISS Database: prochatrooms-senddata-xss(47242)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47242 |
Copyright | Copyright (C) 2009 Greenbone AG |