CVE-2014-5276
Summary
| CVE | CVE-2014-5276 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-10-20 16:55:09 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
SingleConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:S/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pro Chat Rooms | Text Chat Rooms | 8.2.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Pro Chat Rooms 8.2.0 XSS / Shell Upload / SQL Injection ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Exploit |
| archives.neohapsis.com/archives/bugtraq/2014-08/0026.html | af854a3a-2127-422b-91ae-364da2661108 | archives.neohapsis.com | Exploit |
| Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Exploit |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.