WebcamXP Chat Name XSS

Severity: Medium, Nessus Plugin ID: 18122

Synopsis

The remote web server is affected by a cross-site scripting vulnerability.

Description

The remote host is running a version of webcamXP, a webcam software package and integrated web server for Windows, that suffers from an HTML injection flaw in its chat feature. An attacker can exploit this flaw by injecting malicious HTML and script code through the nickname field, for example to redirect chat users to arbitrary sites or steal authentication cookies.

Solution

Upgrade to webcamXP version 2.16.478 or later.

See Also

https://seclists.org/fulldisclosure/2005/Apr/405

Plugin Details

Severity: Medium

ID: 18122

File Name: webcamxp_chat_xss.nasl

Version: 1.19

Type: remote

Published: 4/22/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/18/2005

Reference Information

CVE: CVE-2005-1189

BID: 13250

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990