MEDIUM🇵🇱 Wersja polska

CVE-2023-36995

CVSS 6.1v3.1pub. 2023-07-06upd. 2024-11-21

TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Travianz Project Travianz

    APP
    Travianz Project
    ≤ 8.3.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2023-36993CRITICAL9.8ten sam produkt

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password ...

CVE-2023-36994CRITICAL9.8ten sam produkt

In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwri...

CVE-2023-36992HIGH7.2ten sam produkt

PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to ex...