Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.
5.7AI Score
0.007EPSS
PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message.
6.2AI Score
0.02EPSS
Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files.
6AI Score
0.011EPSS
Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php.
8.8AI Score
0.001EPSS
A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to vers...
6.1CVSS
6AI Score
0.001EPSS
SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter.
8.7AI Score
0.001EPSS