10 matches found
CVE-2026-27632
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery CSRF protections on critical state-changing endpoints, specifically within SubmitChat.php and other game interaction handlers. By...
CVE-2026-27632
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery CSRF protections on critical state-changing endpoints, specifically within SubmitChat.php and other game interaction handlers. By...
CVE-2026-27632 Talishar Vulnerable to Cross-Site Request Forgery (CSRF)
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery CSRF protections on critical state-changing endpoints, specifically within SubmitChat.php and other game interaction handlers. By...
EUVD-2026-8603
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery CSRF protections on critical state-changing endpoints, specifically within SubmitChat.php and other game interaction handlers. By...
CVE-2026-27632
Talishar (fan-made Flesh and Blood project) has a CSRF vulnerability in state-changing endpoints such as SubmitChat.php prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48. An attacker who knows the gameName and playerID and the user is browsing a malicious site can forge requests to perform...
CVE-2026-25144
CVE-2026-25144 affects Talishar’s in-game chat system. A Stored XSS vulnerability exists where the playerID parameter in SubmitChat.php is saved without sanitization and may be executed when a user views the current game page. The issue is publicly documented across multiple sources (NVD/Red Hat/...
CVE-2026-25144
Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in the chat in-game system. The playerID parameter in SubmitChat.php and is saved without sanitization and executed whenever a user view the current page game. This vulnerability is fixed by 09dd00e5452e3cd998eb1406a88e5b0fa868e6...
CVE-2026-25144 Talishar has a Stored XSS which can lead to data exfiltration & user impersonation
Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in the chat in-game system. The playerID parameter in SubmitChat.php and is saved without sanitization and executed whenever a user view the current page game. This vulnerability is fixed by 09dd00e5452e3cd998eb1406a88e5b0fa868e6...
WordPress 插件 跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin FV Flowplayer video player, which stems from the playerid parameter in the /view/stats.php file being susceptible to a reflected cross-site scripting attack,...
PT-2021-22556 · WordPress · Fv Flowplayer Video Player
Name of the Vulnerable Software and Affected Versions: FV Flowplayer Video Player WordPress plugin versions 7.5.0.727 through 7.5.2.727 Description: The issue allows attackers to inject arbitrary web scripts via the player id parameter found in the /view/stats.php file, enabling Reflected...