CVE-2006-4543
HLStats 1.34 - Cross-Site Scripting via Multiple Parameters
Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by MC.Iglo · text · webapps · php
https://www.exploit-db.com/exploits/28446
References (4)
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/444716/100/0/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21635
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1490
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19771
Scores
EPSS
0.0302
EPSS Percentile
86.8%
Details
Status
published
Products (1)
hlstats/hlstats
1.34
Published
Sep 06, 2006
Tracked Since
Feb 18, 2026