We found several XSS vulnerabilities in WebChess. Attackers can inject malicious JavaScript code via the following parameters:
We have also attached one of the PoCs below; please check.
This PoC performs an XSS attack via the newMessage parameter (a POST variable) in sendingmessage.php.