Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21088
HistoryDec 28, 2008 - 12:00 a.m.

PsychoStats v3.1 XSS

2008-12-2800:00:00
vulners.com
24
JSON

PsychoStats v3.1 XSS

SOFTWARE:

PsychoStats v3.1

http://www.psychostats.com/

SEVERITY:

Normal

INFO:

PsychoStats is open source software that creates comprehensive gaming statistics for players and clans for Half-Life and Half-Life 2 based games. This includes games like Counter-Strike, Team Fortress 2, Day of Defeat and GunGame. Support for other games such as Call of Duty 4 and Soldat are also supported.

ATTACK:

/admin/login.php?ref="><script>alert(1771);</script>

MY FIX:

Open /admin/login.php and below

$cms->theme->assign_request_vars($validfields, true);

add

$ref = htmlspecialchars($ref, ENT_QUOTES);

This vulnerability was discovered by matrix_killer

e-mail: matrix_k at abv.bg

JSON