cve/2024/CVE-2024-56517.md
2025-09-29 21:09:30 +02:00

### [CVE-2024-56517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56517)
![](https://img.shields.io/static/v1?label=Product&message=lgsl&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%206.2.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brightgreen)
### Description
LGSL (Live Game Server List) provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the `Referer` HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When crafted malicious input is provided in the `Referer` header, it is echoed back into an HTML attribute in the application's response. Commit 7ecb839df9358d21f64cdbff5b2536af25a77de1 contains a patch for the issue.
### POC
#### Reference
- https://github.com/tltneon/lgsl/security/advisories/GHSA-ggwq-xc72-33r3
#### GitHub
No PoCs found on GitHub currently.