Filtered by vendor Travianz Project
Subscriptions
Filtered by product Travianz
Subscriptions
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-36995 | 1 Travianz Project | 1 Travianz | 2024-11-21 | 6.1 Medium |
TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie. | ||||
CVE-2023-36994 | 1 Travianz Project | 1 Travianz | 2024-11-21 | 9.8 Critical |
In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. | ||||
CVE-2023-36993 | 1 Travianz Project | 1 Travianz | 2024-11-21 | 9.8 Critical |
The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts. | ||||
CVE-2023-36992 | 1 Travianz Project | 1 Travianz | 2024-11-21 | 7.2 High |
PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code. |
Page 1 of 1.