Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than CVE-2007-0840 and CVE-2007-2812.
Max CVSS
9.3
EPSS Score
0.50%
Published
2007-05-24
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter.
Max CVSS
4.3
EPSS Score
5.20%
Published
2007-05-22
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454.
Max CVSS
6.8
EPSS Score
0.60%
Published
2007-02-08
Updated
2008-11-15
HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message.
Max CVSS
5.0
EPSS Score
0.40%
Published
2006-12-28
Updated
2018-10-17
SQL injection vulnerability in the login form in HLstats 1.20 through 1.34 allows remote attackers to execute arbitrary SQL commands via the killLimit parameter.
Max CVSS
7.5
EPSS Score
0.88%
Published
2006-12-28
Updated
2018-10-17
Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.
Max CVSS
6.8
EPSS Score
0.71%
Published
2006-09-06
Updated
2018-10-17
Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
Max CVSS
4.3
EPSS Score
0.89%
Published
2006-08-30
Updated
2017-07-20
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!