> [Suggested description] > PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. > > ------------------------------------------ > > [Vulnerability Type] > Cross Site Scripting (XSS) > > ------------------------------------------ > > [Vendor of Product] > PHPJabbers > > ------------------------------------------ > > [Affected Product Code Base] > File Sharing Script - 1.0 > > ------------------------------------------ > > [Affected Component] > Comment Section for each file > > ------------------------------------------ > > [Attack Type] > Remote > > ------------------------------------------ > > [Impact] > [+] CVE_Request.Impact_Code_execution > [-] CVE_Request.Impact_Denial_of_Service > [-] CVE_Request.Impact_Escalation_of_Privileges > [-] CVE_Request.Impact_Information_Disclosure > > ------------------------------------------ > > [Attack Vectors] > simply post a comment with the xss payload > > ------------------------------------------ > > [Discoverer] > Raphael Karger