17 matches found
EUVD-2024-3623
Malicious code in bioql PyPI...
CVE-2024-56517
LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...
Reflected Cross-Site Scripting (Reflected XSS)
tltneon/lgsl is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to improper sanitization of the Referer HTTP header, allowing an attacker to inject arbitrary JavaScript code into the application's HTML response...
CVE-2024-56517
LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...
GHSA-GGWQ-XC72-33R3 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
Reflected XSS at /lgslfiles/lgsllist.php Description: Vulnerability: A reflected XSS vulnerability exists in the Referer HTTP header of LGSL v6.2.1. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When...
LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
Reflected XSS at /lgslfiles/lgsllist.php Description: Vulnerability: A reflected XSS vulnerability exists in the Referer HTTP header of LGSL v6.2.1. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When...
CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...
CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...
CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...
CVE-2024-56361
LGSL Live Game Server List provides online status for games. Before 7.0.0, a stored cross-site scripting XSS vulnerability was identified in lgsl. The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon...
CVE-2024-56361
LGSL (Live Game Server List) version before 7.0.0 is affected by a stored XSS vulnerability via the lgsl_query_40 HTTP crawler. The crawler requests the /info endpoint on registered game servers, and the payload is rendered on the info page (displayed through lgsl_details.php), enabling execution...
CVE-2024-56361 Stored Cross-Site Scripting (XSS) in lgsl v7.0
LGSL Live Game Server List provides online status for games. Before 7.0.0, a stored cross-site scripting XSS vulnerability was identified in lgsl. The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon...
CVE-2024-56361 Stored Cross-Site Scripting (XSS) in lgsl v7.0
LGSL Live Game Server List provides online status for games. Before 7.0.0, a stored cross-site scripting XSS vulnerability was identified in lgsl. The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon...
CVE-2024-56361 Stored Cross-Site Scripting (XSS) in lgsl v7.0
LGSL Live Game Server List provides online status for games. Before 7.0.0, a stored cross-site scripting XSS vulnerability was identified in lgsl. The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS by sending a crafted payload to the /info endpoint via the lgslquery40 function. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an...
DaFun Spirit 2.2.5 Multiple Remote File Include Vulnerability
Exploit for php platform in category web applications ============================================================= DaFun Spirit 2.2.5 Multiple Remote File Include Vulnerability ============================================================= \|/// \ - - // @ @...
DaFun Spirit 2.2.5 - Multiple Remote File Inclusions
DaFun Spirit 2.2.5 - Multiple Remote File Inclusions \|/// \ - - // @ @ ----oOOo---oOOo-------------------------------------------------- DaFun Spirit 2.2.5 Multiple Remote File Include Vulnerability Script: http://code.google.com/p/dafunspirit/downloads/list Author: mat Mail:...