CVE-2025-61583
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-10-20
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| joni1802 | ts3_manager | to 2.2.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-80 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reflected cross-site scripting (XSS) issue in TS3 Manager versions 2.2.1 and earlier. It occurs in the login page's error handling mechanism, where malicious scripts embedded in server hostnames are executed in the victim's browser without proper sanitization.
How can this vulnerability impact me? :
An attacker could exploit this vulnerability to execute malicious scripts in a user's browser when they visit the login page with a specially crafted server hostname. This could lead to theft of sensitive information or session hijacking, although the impact is limited to confidentiality and does not affect integrity or availability.
What immediate steps should I take to mitigate this vulnerability?
Upgrade TS3 Manager to version 2.2.2 or later, as this version contains the fix for the reflected cross-site scripting vulnerability in the login page error handling mechanism.