CVE-2008-7048 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) txtUsername parameter to registerDo.asp as invoked from register.asp or (2) txtRoomName parameter to room_new.asp. NOTE: these issues might be resultant from XSS in SQL error messages.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0461.html http://osvdb.org/51985 https://exchange.xforce.ibmcloud.com/vulnerabilities/46768