https://www.exploit-db.com/exploits/24169
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-364

CraftySyntaxLiveHelp(CSLH)2.7.4之前版本存在跨站脚本（XSS）漏洞。远程攻击者可以借助livehelp或chat会话的姓名字段注入任意web脚本或HTML。

source: http://www.securityfocus.com/bid/10463/info

CSLH is prone to multiple HTML injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. The problem presents itself in various modules of the application and can allow remote attackers to inject HTML code into the name field and in chat sessions for live help.

Crafy Syntax Live Help 2.7.3 and prior versions are prone to these issues. 

window.location("http://www.cgisecurity.com/articles/xss-faq.shtml");
window.location("http://livehelp.someisp.com/livehelp/operators.php?remove=1")

来源:XF
名称:cslh-chat-name-xss(16321)
链接:http://xforce.iss.net/xforce/xfdb/16321
来源:BID
名称:10463
链接:http://www.securityfocus.com/bid/10463
来源:SECUNIA
名称:11789
链接:http://secunia.com/advisories/11789
来源:BUGTRAQ
名称:20040603Cross-sitescriptingvulnerabilityinCrafySyntaxLiveHelp2.7.3andbelow
链接:http://archives.neohapsis.com/archives/bugtraq/2004-06/0054.html
来源:www.craftysyntax.com
链接:http://www.craftysyntax.com/CHANGELOG.txt
来源:OSVDB
名称:6744
链接:http://www.osvdb.org/6744