AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2006-2670: Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script

infovulnerability

security

Source: NVD/CVE DatabaseMay 30, 2006CVE-2006-2670

Summary

ChatPat version 1.0 contains multiple cross-site scripting (XSS, where attackers inject malicious scripts into web pages) vulnerabilities in two PHP files that allow attackers to inject harmful code through chat messages. The vulnerability affects the fastchat.php and fastshow.php files in the application.

Vulnerability Details

CVSS Score

5.8

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationTrivial

Original source: https://nvd.nist.gov/vuln/detail/CVE-2006-2670

First tracked: February 15, 2026 at 08:48 PM

Classified by LLM (prompt v3) · confidence: 95%