A cross-site scripting vulnerability is present in Xbtit...
Moderate severity
Unreviewed
Published
Mar 17, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Mar 16, 2022
Published to the GitHub Advisory Database
Mar 17, 2022
Last updated
Jan 27, 2023
A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" (POST) parameter. Through this vulnerability, an attacker is capable to execute malicious JavaScript code.
References