Pterodactyl panel's admin area vulnerable to Cross-site Scripting

Impact Importing a malicious egg or gaining access to wings instance could lead to XSS on the panel, which could be used to gain an administrator account on the panel. Specifically, the following things are impacted: - Egg Docker images - Egg variables: - Name - Environment variable - Default val...

PT-2024-25678 · Unknown · Pterodactyl

Name of the Vulnerable Software and Affected Versions: Pterodactyl versions prior to 1.11.6 Description: Importing a malicious egg or gaining access to a wings instance could lead to cross-site scripting XSS on the panel, potentially allowing an attacker to gain an administrator account. The...