TS3 Manager is vulnerable to unauthenticated reflected XSS attack due to insecure error handling

TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded in server hostnames are executed in the victim's browser context without proper sanitization. This issue is fixed in version 2.2.2.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

输入验证不恰当

ts3-manager 安全漏洞

ts3-manager是Jonathan个人开发者的一个用于维护Teamspeak3服务器的web界面。 ts3-manager 2.2.1及之前版本存在安全漏洞，该漏洞源于登录页面错误处理机制未对服务器主机名中嵌入的恶意脚本进行适当清理，可能导致反射型跨站脚本攻击。

N/A

N/A