Description

LGSL (Live Game Server List) provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the `Referer` HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When crafted malicious input is provided in the `Referer` header, it is echoed back into an HTML attribute in the application’s response. Commit 7ecb839df9358d21f64cdbff5b2536af25a77de1 contains a patch for the issue.

INFO

Published Date :

2024-12-30T16:36:08.785Z

Last Modified :

2024-12-30T17:22:50.748Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-56517 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-56517.

URL Resource
https://github.com/tltneon/lgsl/blob/master/lgsl_files/lgsl_list.php#L20-L24 cve-icon cve-icon
https://github.com/tltneon/lgsl/commit/7ecb839df9358d21f64cdbff5b2536af25a77de1 cve-icon cve-icon
https://github.com/tltneon/lgsl/security/advisories/GHSA-ggwq-xc72-33r3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability