{"id":"CVE-2024-56361","summary":"Stored Cross-Site Scripting (XSS) in lgsl v7.0","details":"LGSL (Live Game Server List) provides online status for games. Before 7.0.0, a stored cross-site scripting (XSS) vulnerability was identified in lgsl. The function lgsl_query_40 in lgsl_protocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon crawling the malicious /info endpoint with our payload, will render our javascript on the info page. This information is being displayed via lgsl_details.php. This vulnerability is fixed in 7.0.0.","aliases":["GHSA-xx95-62h6-h7v3"],"modified":"2026-04-10T05:19:26.828593Z","published":"2024-12-26T21:59:01.775Z","database_specific":{"cwe_ids":["CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56361.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56361.json"},{"type":"ADVISORY","url":"https://github.com/tltneon/lgsl/security/advisories/GHSA-xx95-62h6-h7v3"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56361"},{"type":"FIX","url":"https://github.com/tltneon/lgsl/commit/3fbd3bb581b636f7fd3ea0592c5f8df87d3a2843"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tltneon/lgsl","events":[{"introduced":"0"},{"fixed":"0c66147ffb3c9cf92e370def92db15981cf155c2"}]}],"versions":["v5.10.0","v5.10.1","v5.10.2","v5.10.3","v5.8","v5.8_php7","v5.9.2","v5.9.3","v5.9.4","v5.9.6","v6.0.0","v6.0.1","v6.1.0","v6.1.1","v6.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56361.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"}]}