Crafty Syntax Live Help 2.7.3 - Multiple HTML Injection Vulnerabilities
Author: HNK Technology Solutions
type: webapps
platform: php
port:
date_added: 2004-06-04
date_updated: 2013-01-16
verified: 1
codes: CVE-2004-2355;OSVDB-6744
tags:
aliases:
screenshot_url:
application_url:
source: https://www.securityfocus.com/bid/10463/info
CSLH is prone to multiple HTML injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. The problem presents itself in various modules of the application and can allow remote attackers to inject HTML code into the name field and in chat sessions for live help.
Crafty Syntax Live Help 2.7.3 and prior versions are prone to these issues.
window.location("http://www.cgisecurity.com/articles/xss-faq.shtml");
window.location("http://livehelp.someisp.com/livehelp/operators.php?remove=1")
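The missing control the description refers to is output encoding of the visitor name and chat text. The following PHP is an added example, not code from CSLH or from the advisory: it shows an unencoded renderer beside an encoded one. All function names, the markup and the sample input are hypothetical or constructed. The request guard assumes that a URL like the operators.php?remove=1 request above performs a state change.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper names and markup, not CSLH source code.

/** Encode untrusted text for an HTML element body or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Weak form: name and message are interpolated into the page unencoded. */
function render_line_unsafe(string $name, string $msg): string
{
    return '<div class="line"><b>' . $name . '</b>: ' . $msg . '</div>';
}

/** Hardened form: every user-supplied value is encoded at output time. */
function render_line_safe(string $name, string $msg): string
{
    return '<div class="line"><b>' . h($name) . '</b>: ' . h($msg) . '</div>';
}

/**
 * Guard for state-changing operator actions (assumption: a request such as
 * operators.php?remove=1 changes state). Requires POST plus a per-session
 * token, so a plain navigation to the URL does nothing.
 */
function may_change_state(string $method, string $sentToken, string $sessionToken): bool
{
    return $method === 'POST'
        && $sessionToken !== ''
        && hash_equals($sessionToken, $sentToken);
}

// Constructed sample input: markup submitted as a visitor name and chat message.
$name = '<i>visitor</i>';
$msg  = '<script>/* constructed sample */</script>';

echo render_line_unsafe($name, $msg), "\n"; // markup reaches the operator's browser
echo render_line_safe($name, $msg), "\n";   // same input rendered as inert text

$token = bin2hex(random_bytes(16));         // would be stored in the operator session
var_dump(may_change_state('GET', '', $token));      // navigation without a token
var_dump(may_change_state('POST', $token, $token)); // form post carrying the token
```

Encoding belongs at output time in every module that displays the name or chat text, since the description says the issue appears in several places.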