Elinicksic Razgover Cross-Site Scripting Vulnerability in Chat Message Handler
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Elinicksic Razgover versions prior to db37dfc5c82f023a40f2f7834ded6633fb2b5262. The issue resides in the Chat Message Handler component, specifically within the Chattify/send.php file. The vulnerability is triggered by manipulating the 'msg' argument, allowing for the injection of malicious scripts. This issue can be exploited remotely and affects unsupported versions of the product.
Impact
Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Reproduction
To reproduce this vulnerability, send a request to the Chattify/send.php file with a crafted 'msg' argument that includes the desired script payload. The injected script will be executed when the message is viewed by other users.
Remediation
Users are advised to apply the available patch, which can be downloaded from the Elinicksic Razgover GitHub repository.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.