Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991.

Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en PHPMyChat 0.14.5 permiten a atacantes remotos inyectar scripts web o HTML de su elección mediante el parámetro (1) LIMIT en chat/deluser.php3, (2) Link en chat/edituser.php3, ó (3) LastCheck ó (4) B en chat/users_popupL.php3.
NOTA: los vectores FontName para start_page.css.php3 y style.css.php3 se encuentran cubiertos por CVE-2005-1619.
Los vectores medium para start_page.css.php3 (start_page.css.php) y style.css.php3 (style.css.php), y el vector From para users_popupL.php3 (users_popupL.php), se encuentran cubiertos en CVE-2005-3991.