PsychoStats <= 2.2.4 Beta - Cross Site Scripting

Published: 22 Dec 2014 00:00:00
Reported by: GulfTech Security
Type: exploitdb
Source: www.exploit-db.com

PsychoStats <= 2.2.4 Beta - Cross Site Scripting vulnerability on http://www.psychostats.com

Related entries (reporter, title, published, family):

CVE: CVE-2004-1417, 12 Feb 2005 05:00 (cve)
Cvelist: CVE-2004-1417, 12 Feb 2005 05:00 (cvelist)
EUVD: EUVD-2004-1414, 7 Oct 2025 00:30 (euvd)
exploitpack: PsychoStats 2.2.4 Beta - Cross Site Scripting, 22 Dec 2014 00:00 (exploitpack)
NVD: CVE-2004-1417, 31 Dec 2004 05:00 (nvd)
OpenVAS: PsychoStats Login Parameter Cross-Site Scripting, 3 Nov 2005 00:00 (openvas)
Positive Technologies: PT-2004-2332 · Unknown · Psychostats, 31 Dec 2004 00:00 (ptsecurity)

PsychoStats Cross Site Scripting

Vendor: Jason Morriss
Product: PsychoStats
Version: <= 2.2.4 Beta
Website: http://www.psychostats.com/

BID: 12089 
CVE: CVE-2004-1417 
OSVDB: 12560 
SECUNIA: 13619 
PACKETSTORM: 35502 

Description:
PsychoStats is a statistics generator for games. Currently there is support for a handful of Half-Life "MODs" including Counter-Strike, Day of Defeat, and Natural Selection. PsychoStats gathers statistics from the log files that game servers create by reading through the logs and then calculating detailed statistics for players, maps, weapons and clans. These detailed statistics are stored in a MySQL database and are then viewed online from your website using a set of PHP web pages. There are some complaints in the community from people who do not like the fact that PsychoStats does not provide 'real time' game statistics. The fact is, providing 'real time', accurate and detailed statistics is a hard issue to overcome. Some game statistic generators that provide 'real time' statistics simply do not have the same amount of detailed information that PsychoStats has; they usually only provide very basic 'kill' statistics, ignoring detailed 'map' and 'clan' statistics. PsychoStats may not be real time, but it works very close to it. As data is stored in a MySQL database, old logs that were scanned previously do not need to be scanned again, which makes for much faster updates than the old v1.x of PsychoStats. And the data provided by PsychoStats is very detailed.


Cross Site Scripting:
Cross site scripting exists in Jason Morriss' PsychoStats. The `login` parameter of login.php is reflected back into the page without being checked or HTML-encoded, so whatever the attacker places in it is parsed as markup by the victim's browser. Below is an example.

http://www.example.com/stats/login.php?login=%22%3E%3Ciframe%3E 

The payload URL-decodes to `"><iframe>`: the leading `">` is there to close the quoted attribute value the parameter is echoed into, after which the remainder of the string is parsed as a new element. Because the script runs in the origin of the stats site, this could be used to steal cookie-based authentication credentials within the scope of the current domain, or to render hostile code in a victim's browser.
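The following is an added example and not code from PsychoStats or from the advisory: the real login.php is PHP, and this Python model only assumes (as the `">` prefix of the proof of concept suggests) that the `login` parameter is echoed into the `value` attribute of the login form's text field. It shows the unencoded reflection beside the attribute-encoded fix, and a check that a tester can run over a captured response: tokenise the page the way a browser would and look for tags the template never emitted.

```python
"""Reflected XSS in login.php?login=... (CVE-2004-1417), modelled in Python."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Proof-of-concept URL from the advisory.
POC_URL = "http://www.example.com/stats/login.php?login=%22%3E%3Ciframe%3E"

# Tags the login form template itself emits (assumption for this model).
TEMPLATE_TAGS = {"input"}


def login_param(url: str) -> str:
    """URL-decode the `login` query parameter, as the web server would."""
    query = parse_qs(urlparse(url).query, keep_blank_values=True)
    return query.get("login", [""])[0]


def render_vulnerable(login: str) -> str:
    """Echo the parameter into an attribute with no encoding (the 2.2.4 Beta behaviour)."""
    return f'<input type="text" name="login" value="{login}">'


def render_fixed(login: str) -> str:
    """Encode for an attribute context: &, <, >, " and ' all become entities,
    so the value can never terminate the attribute or open a new tag."""
    return f'<input type="text" name="login" value="{escape(login, quote=True)}">'


class _TagCollector(HTMLParser):
    """Records every start tag the parser sees, in document order."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(page: str) -> list[str]:
    """Tokenise a response body and return the tag names it contains."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags


def injected_tags(page: str, template_tags=TEMPLATE_TAGS) -> list[str]:
    """Tags present in the response that the template did not emit: if this is
    non-empty, user input escaped its attribute and became markup."""
    return [t for t in tags_in(page) if t not in template_tags]


if __name__ == "__main__":
    payload = login_param(POC_URL)
    print("decoded payload:", payload)
    print("vulnerable:", injected_tags(render_vulnerable(payload)))  # ['iframe']
    print("fixed:     ", injected_tags(render_fixed(payload)))       # []
```

The `injected_tags` check is deliberately independent of the exact payload: run it against the live response with any probe that contains a tag name, and a non-empty result means the parameter is reflected in a markup-significant way regardless of which attribute or element it lands in.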


Solution:
The vendor was contacted, responded very promptly, and has released an updated version of the software that addresses the issue.

http://www.psychostats.com/forums/viewtopic.php?t=11022 

You can find directions on how to install the patch at the link listed above. Users should upgrade as soon as they can. 


Credits:
James Bercegay of the GulfTech Security Research Team
