WebcamXP Chat Name XSS

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by a cross-site scripting
vulnerability.

Description :

The remote host is running a version of webcamXP, a webcam software
package and integrated web server for Windows, that suffers from an
HTML injection flaw in its chat feature. An attacker can exploit this
flaw by injecting malicious HTML and script code through the nickname
field to redirect chat users to arbitrary sites, steal authentication
cookies, and the like.

See also :

http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0393.html

Solution :

Upgrade to webcamXP version 2.16.478 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 18122 ()

Bugtraq ID: 13250

CVE ID: CVE-2005-1189