TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NTravianz Project Travianz
APPTravianz Project≤ 8.3.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Powiązane podatności
CVE-2023-36993CRITICAL9.8ten sam produkt
The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password ...
CVE-2023-36994CRITICAL9.8ten sam produkt
In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwri...
CVE-2023-36992HIGH7.2ten sam produkt
PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to ex...