Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Low

CVE-2019-19908

Disclosure Date: June 19, 2019 (last updated November 27, 2024)
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
1
Attacker Value
Unknown

CVE-2020-9265

Disclosure Date: February 18, 2020 (last updated February 21, 2025)
phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0