X7 Group : Security Vulnerabilities, CVEs, Published In 2006
SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter.
Max CVSS
7.5
EPSS Score
0.23%
Published
2006-07-25
Updated
2017-10-19
Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to the avatar parameter in register.php.
Max CVSS
4.3
EPSS Score
0.62%
Published
2006-05-10
Updated
2018-10-18
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter.
Max CVSS
6.4
EPSS Score
1.43%
Published
2006-05-03
Updated
2018-10-18
3 vulnerabilities found