Test ID:	1.3.6.1.4.1.25623.1.0.900331
Category:	Web application abuses
Title:	Directory Traversal And XSS Vulnerability In Pro Chat Rooms
Summary:	Pro Chat Rooms is prone to Directory Traversal and XSS vulnerability.
Description:	Summary: Pro Chat Rooms is prone to Directory Traversal and XSS vulnerability. Vulnerability Insight: - Error in profiles/index.php and profiles/admin.php file allows remote attackers to inject arbitrary web script or HTML via the 'gud' parameter. - Error in sendData.php file allows remote authenticated users to select an arbitrary local PHP script as an avatar via a ..(dot dot) in the 'avatar' parameter. Vulnerability Impact: Successful exploitation could result in Directory Traversal, Cross-Site Scripting or Cross-Site Request Forgery attack by execute arbitrary HTML and script code on the affected application. Affected Software/OS: Pro Chat Rooms version 3.0.3 and prior on all running platform. Solution: Upgrade to Pro Chat Rooms version 6.0 or later. CVSS Score: 4.6 CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-6501 BugTraq ID: 32758 http://www.securityfocus.com/bid/32758 https://www.exploit-db.com/exploits/7409 http://osvdb.org/50696 http://secunia.com/advisories/33088 XForce ISS Database: prochatrooms-index-xss(47241) https://exchange.xforce.ibmcloud.com/vulnerabilities/47241 Common Vulnerability Exposure (CVE) ID: CVE-2008-6502 http://osvdb.org/50697 XForce ISS Database: prochatrooms-senddata-xss(47242) https://exchange.xforce.ibmcloud.com/vulnerabilities/47242
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.