cpe:/a:prochatrooms:pro_chat_rooms:3.0.2 CVE-2008-6502 2009-03-20T14:30:00.233-04:00 2017-09-28T21:33:12.697-04:00 4.6 NETWORK HIGH SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-03-20T15:26:00.000-04:00 SECUNIA 33088 OSVDB 50697 EXPLOIT-DB 7409 XF prochatrooms-senddata-xss(47242) Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to (1) an individual user or (2) a room, leading to cross-site request forgery (CSRF), cross-site scripting (XSS), or other impacts.