Description

Minecraft MOTD Parser is a PHP library to parse minecraft server motd. The HtmlGenerator class is subject to potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of MotdItemCollection to generate a HTML string. An attacker can make malicious inputs to the color and text properties of MotdItem to inject own HTML into a web page during web page generation. For example by sending a malicious MOTD from a Minecraft server under their control that was queried and passed to the HtmlGenerator. This XSS vulnerability exists because the values of these properties are neither filtered nor escaped. This vulnerability is fixed in 1.0.6.

INFO

Published Date :

2024-10-04T14:20:24.412Z

Last Modified :

2024-10-04T16:09:22.623Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47765 vulnerability.

Vendors Products
Jgniecki
  • Minecraft Motd Parser
  • Minecraftmotdparser
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47765.

URL Resource
https://github.com/jgniecki/MinecraftMotdParser/commit/b0ab9d68a964cd3d74977f39a9e7af0a94509f7c cve-icon cve-icon
https://github.com/jgniecki/MinecraftMotdParser/security/advisories/GHSA-q898-frwq-f3qp cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact