CVE-2014-5276
Summary
| CVE | CVE-2014-5276 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-10-20 16:55:00 UTC |
| Updated | 2017-09-08 01:29:00 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pro Chat Rooms | Text Chat Rooms | 8.2.0 | All | All | All |
| Application | Pro Chat Rooms | Text Chat Rooms | 8.2.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities | EXPLOIT-DB | www.exploit-db.com | Exploit |
| Pro Chat Rooms 8.2.0 XSS / Shell Upload / SQL Injection ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit |
| 20140805 Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities | BUGTRAQ | archives.neohapsis.com | Exploit |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.