6.1
CVE-2025-61583
- EPSS 0.23%
- Veröffentlicht 01.10.2025 23:15:30
- Zuletzt bearbeitet 20.10.2025 18:07:20
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginTS3 Manager is vulnerable to unauthenticated reflected XSS attack due to insecure error handling
TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded in server hostnames are executed in the victim's browser context without proper sanitization. This issue is fixed in version 2.2.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Joni1802 ≫ Ts3 Manager Version < 2.2.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.136 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| security-advisories@github.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
https://github.com/joni1802/ts3-manager/commit/3a069915f97a6f5dae1fe0b2e32aa11a69d83b5e
https://github.com/joni1802/ts3-manager/security/advisories/GHSA-qw6j-37r6-m93g