TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NTravianz Project Travianz
APPTravianz Project≤ 8.3.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
Related vulnerabilities
CVE-2023-36993CRITICAL9.8ten sam produkt
The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password ...
CVE-2023-36994CRITICAL9.8ten sam produkt
In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwri...
CVE-2023-36992HIGH7.2ten sam produkt
PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to ex...