CVE-2026-25144
🟡 MEDIUMTalishar is a fan-made Flesh and Blood project. A Stored XSS exists in the chat in-game system. The playerID parameter in SubmitChat.php and is saved without sanitization and executed whenever a user...
Description
Request Expert ReviewTalishar is a fan-made Flesh and Blood project. A Stored XSS exists in the chat in-game system. The playerID parameter in SubmitChat.php and is saved without sanitization and executed whenever a user view the current page game. This vulnerability is fixed by 09dd00e5452e3cd998eb1406a88e5b0fa868e6b4.
CVSS Scores
References
Additional Information
- Source
- security-advisories@github.com
- State
- Received
Related CVEs
CVE-2026-0909
MEDIUMThe WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the...
CVE-2026-25228
MEDIUMSignal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's appl...
CVE-2026-25142
CRITICALSandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can be used to obtain protot...
CVE-2026-25137
CRITICALThe NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the d...
CVE-2026-25060
HIGHOpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communicatio...
CVE-2026-25059
HIGHOpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation ha...
Share CVE-2026-25144
Share on Social Media
Copy Link
Embed Code
Request Expert Analysis
Request a professional security analysis for CVE-2026-25144 from our verified experts.
Credits System
Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!