CVE-2006-2415 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) CFTOKEN parameter in (a) index.cfm and (3) CFTOKEN and (4) CFID parameter in (b) chat.cfm.

Reference

http://pridels0.blogspot.com/2006/05/flexchat-xss.html http://secunia.com/advisories/20101 http://securitytracker.com/id?1016104 http://www.osvdb.org/25504 http://www.osvdb.org/25505 http://www.vupen.com/english/advisories/2006/1804 https://exchange.xforce.ibmcloud.com/vulnerabilities/26429