{
  "schema_version": "1.4.0",
  "id": "GHSA-xx95-62h6-h7v3",
  "modified": "2024-12-27T00:32:07Z",
  "published": "2024-12-26T20:20:12Z",
  "aliases": [
    "CVE-2024-56361"
  ],
  "summary": "lgsl Stored Cross-Site Scripting vulnerability",
  "details": "### Summary\n\nA stored cross-site scripting (XSS) vulnerability was identified in lgsl. The issue arises from improper sanitation of user input. Everyone who accesses this page will be affected by this attack.\n\n### Details\n\nThe function `lgsl_query_40` in `lgsl_protocol.php` has implemented an HTTP crawler. This function makes a request to the registered game server, and upon crawling the malicious `/info` endpoint with our payload, will render our javascript on the info page. This information is being displayed via `lgsl_details.php`\n\n#### Affected Code:\n```php\n      foreach ($server['e'] as $field => $value) {\n        $value = preg_replace('/((https*:\\/\\/|https*:\\/\\/www\\.|www\\.)[\\w\\d\\.\\-\\/=$?​]*)/i', \"<a href='$1' target='_blank'>$1</a>\", html_entity_decode($value));\n        $output .= \"\n        <tr><td> {$field} </td><td> {$value} </td></tr>\";\n      }\n```\n### PoC\n\n1. Create a game server with type `eco` and set the target host and port accordingly to your ttack server. I have crafted this json payload that is being parsed according to the schema and being served on `/info` \n\n2. Serve the following JSON payload at `/info` on your handler\n```json\n{\n  \"Animals\": \"1\",\n  \"EconomyDesc\": \"<img src=x onerror=prompt(1)>\"\n}\n```\n3. Access the corresponding server info page at `/s?=`. Upon refreshing & crawling our server, it should execute our javascript.\n\n",
  "severity": [],
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "tltneon/lgsl"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tltneon/lgsl/security/advisories/GHSA-xx95-62h6-h7v3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tltneon/lgsl/commit/3fbd3bb581b636f7fd3ea0592c5f8df87d3a2843"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tltneon/lgsl"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-26T20:20:12Z",
    "nvd_published_at": "2024-12-26T22:15:19Z"
  }
}