CVE-2026-28429 Talishar: Critical Path Traversal in gameName Parameter

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement input validation, the ParseGamestate.php component can be accessed directly as a standalone...

CVE-2026-28429

Talishar (Flesh and Blood fan project) has a path traversal flaw in the gameName parameter prior to commit 6be3871. ParseGamestate.php can be accessed as a standalone script, allowing directory traversal sequences (e.g., ../) to reach unauthorized files. The issue is mitigated by the patch in com...

CVE-2026-28429 Talishar: Critical Path Traversal in gameName Parameter

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement input validation, the ParseGamestate.php component can be accessed directly as a standalone...

CVE-2026-28429 Talishar: Critical Path Traversal in gameName Parameter

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement input validation, the ParseGamestate.php component can be accessed directly as a standalone...

Talishar 路径遍历漏洞

Talishar is an open-source game client developed by Talishar. Prior to version 6be3871, there was a path traversal vulnerability in the software. This vulnerability stemmed from the gameName parameter in the ParseGamestate.php component, which allowed for path traversal, potentially leading to...

Mail.ru: Stored XSS on https://community.my.games/ (Add Post)

Two stored XSS at https://community.my.games/. First XSS via upload photo title at link https://community.my.games/community/game/GameName/ . Second XSS via Discussion at the same link...

phpArcadeScript 2.0 tellafriend.php gamename Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/16957/info phpArcadeScript is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary...

phpArcadeScript 2.0 tellafriend.php gamename Parameter XSS

phpArcadeScript 2.0 tellafriend.php gamename Parameter XSS. CVE-2006-1082. Webapps exploit for php platform source: http://www.securityfocus.com/bid/16957/info phpArcadeScript is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of...