Test ID:	1.3.6.1.4.1.25623.1.0.902607
Category:	Web application abuses
Title:	A Really Simple Chat Multiple XSS Vulnerabilities
Summary:	A Really Simple Chat is prone to multiple cross site scripting vulnerabilities.
Description:	Summary: A Really Simple Chat is prone to multiple cross site scripting vulnerabilities. Vulnerability Insight: The flaws are due to improper validation of user supplied data in the 'arsc_link' parameter in dereferer.php and 'arsc_message' parameter in login.php, which allow attacker to execute arbitrary scripts. Vulnerability Impact: Successful exploitation will allow attacker to inject arbitrary web script or HTML by executing arbitrary scripts. Affected Software/OS: A Really Simple Chat version 3.3 rc2. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2180 http://www.htbridge.ch/advisory/xss_in_a_really_simple_chat_arsc.html http://www.openwall.com/lists/oss-security/2011/06/02/1 http://www.openwall.com/lists/oss-security/2011/06/02/7 Common Vulnerability Exposure (CVE) ID: CVE-2011-2470 https://sourceforge.net/tracker/?func=detail&aid=3310673&group_id=32699&atid=406296
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.