Title: [Kil13r-SA-20060701-3] Massting Cross-Site Scripting Vulnerability
Author: Kil13r - http://www.kil13r.info/
Local / Remote: Remote

Timeline:
2006/06/30 - Discovery
2006/06/30 - Vendor notification
2006/06/30 - Vendor response
2006/06/30 - Vendor fix
2006/07/01 - Release

Affected version:
Not affected version:

Description:
Massting is an AJAX chat service site that has a cross-site scripting vulnerability. An end user can cause arbitrary JavaScript code to run by entering it in the message input form.

Proof of Concept code:
Proof of Concept example: None
Proof of Concept screenshot: None

- The Bird of Hermes is my name,
  Eating my wings to make me tame.
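
The class of flaw described above, shown as an added example that is not Massting's code and not part of the original advisory: a chat renderer that concatenates message text into markup, next to a version that HTML-encodes it first. All function names, the message shape and the sample messages are assumptions constructed for illustration.

```javascript
// Added example; escapeHtml, renderUnsafe, renderSafe and countTags are
// hypothetical names, not taken from Massting.

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode the five characters that can change HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: user-controlled fields are placed into markup as-is,
// so any tag or event handler in the message becomes part of the page.
function renderUnsafe(msg) {
  return '<li class="msg"><b>' + msg.nick + "</b>: " + msg.text + "</li>";
}

// Hardened pattern: every user-controlled field is encoded on output.
// In a browser, assigning the value to textContent has the same effect.
function renderSafe(msg) {
  return '<li class="msg"><b>' + escapeHtml(msg.nick) + "</b>: " +
    escapeHtml(msg.text) + "</li>";
}

// Number of tag openers in the rendered HTML. The template itself
// contributes exactly 4 (<li>, <b>, </b>, </li>); anything above that
// came from message content.
function countTags(html) {
  return (html.match(/</g) || []).length;
}

// Constructed sample messages (not captured from any real service).
const SAMPLE = [
  { nick: "alice", text: "hello & welcome" },
  { nick: "mallory", text: '<img src=x onerror="alert(1)">' },
];

for (const msg of SAMPLE) {
  console.log("unsafe:", countTags(renderUnsafe(msg)), "tags;",
    "safe:", countTags(renderSafe(msg)), "tags");
}
```

A tag count above 4 in the unsafe output means message content was parsed as markup; the encoded output always stays at 4.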