> [Suggested description] > PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. > > ------------------------------------------ > > [Vulnerability Type] > Cross Site Scripting (XSS) > > ------------------------------------------ > > [Vendor of Product] > PHPJabbers > > ------------------------------------------ > > [Affected Product Code Base] > Star Rating Script - 4.0 > > ------------------------------------------ > > [Affected Component] > Adding a rating item allows for the creation of a stored XSS > > ------------------------------------------ > > [Attack Type] > Remote > > ------------------------------------------ > > [Impact] > [+] CVE_Request.Impact_Code_execution > [-] CVE_Request.Impact_Denial_of_Service > [-] CVE_Request.Impact_Escalation_of_Privileges > [-] CVE_Request.Impact_Information_Disclosure > > ------------------------------------------ > > [Attack Vectors] > > > ------------------------------------------ > > [Discoverer] > Raphael Karger