X7 Chat

CVEs (3)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2006-2156	X7 Chat X7 Chat	0.04	—	0.08	May 3, 2006	Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter.
CVE-2006-3851	X7 Chat X7 Chat	0.03	—	0.01	Jul 25, 2006	SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter.
CVE-2006-2282	X7 Chat X7 Chat	0.00	—	0.01	May 10, 2006	Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to the avatar parameter in register.php.

CVE-2006-2156May 3, 2006
X7 Chat
X7 Chat
risk 0.04cvss —epss 0.08
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter.
CVE-2006-3851Jul 25, 2006
X7 Chat
X7 Chat
risk 0.03cvss —epss 0.01
SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter.
CVE-2006-2282May 10, 2006
X7 Chat
X7 Chat
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to the avatar parameter in register.php.