CometChat is prone to a cross-site scripting vulnerability and a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. An attacker can exploit the remote code-execution issue to execute arbitrary code in the context of the application. Failed attacks may cause denial-of-service conditions.
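The cross-site scripting half of the advisory comes down to user-supplied text being placed into HTML without encoding for the context it lands in. The following is an added illustration, not code from CometChat or from the advisory: it shows the vulnerable concatenation pattern beside a hardened renderer that encodes the body, the attribute and the link separately. The sample name, message and link are constructed inputs, and `render_unsafe`, `render_safe` and `safe_url` are hypothetical helpers that do not correspond to any CometChat function.

```python
import html
from urllib.parse import urlsplit

# Constructed sample inputs (not taken from the advisory): a display name and a
# chat message that both carry markup a browser would otherwise interpret.
SAMPLE_NAME = 'bob" onmouseover="alert(1)'
SAMPLE_MESSAGE = 'hello <script>alert(1)</script> <b>there</b>'
SAMPLE_LINK = 'javascript:alert(1)'

# Only plain web links are allowed in the profile anchor.
ALLOWED_SCHEMES = {"http", "https"}


def render_unsafe(name, message, link):
    """The pattern the advisory describes: user input concatenated into HTML
    without encoding, so markup in the input becomes markup in the page."""
    return (f'<div class="msg" data-user="{name}">'
            f'<a href="{link}">{name}</a>: {message}</div>')


def safe_url(url):
    """Allow only http(s) links; anything else becomes a harmless anchor.
    html.escape alone does not neutralise a javascript: URL, so the scheme
    is checked before the value is attribute-encoded."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return "#"
    return html.escape(url, quote=True)


def render_safe(name, message, link):
    """Hardened form: every value is encoded for the context it lands in.
    quote=True also encodes the quote characters, so a value inside an
    attribute cannot close that attribute and start a new one."""
    safe_name = html.escape(name, quote=True)
    safe_msg = html.escape(message, quote=True)
    return (f'<div class="msg" data-user="{safe_name}">'
            f'<a href="{safe_url(link)}">{safe_name}</a>: {safe_msg}</div>')


def contains_raw_tag(rendered, tag="script"):
    """Cheap check for a review or regression test: does the rendered HTML
    still contain an un-encoded opening tag of the given name?"""
    return f"<{tag}" in rendered.lower()


if __name__ == "__main__":
    print("vulnerable:", render_unsafe(SAMPLE_NAME, SAMPLE_MESSAGE, SAMPLE_LINK))
    print("hardened:  ", render_safe(SAMPLE_NAME, SAMPLE_MESSAGE, SAMPLE_LINK))
```

The point of encoding per context rather than applying one filter on input is visible in the three sinks: the message body needs entity encoding, the attribute additionally needs its quote characters encoded, and the `href` needs a scheme allowlist before either of those helps. A server-side test that asserts `contains_raw_tag(render_safe(...))` is false is a reasonable regression guard for the kind of defect this advisory describes.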
Updates are available. Please see the references or vendor advisory for more information.
Updated on 2015-03-25