Stored XSS Vulnerability in Xbtit 3.1 Allows Execution of Malicious JavaScript Code

Stored XSS Vulnerability in Xbtit 3.1 Allows Execution of Malicious JavaScript Code

CVE-2021-45822 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" (POST) parameter. Through this vulnerability, an attacker is capable to execute malicious JavaScript code.

Learn more about our Web Application Penetration Testing UK.