CVE-2006-4543

Name of the Vulnerable Software and Affected Versions HLStats version 1.34

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This can be achieved via several parameters, including the game parameter in players mode, the weapon parameter in weaponinfo mode, the st parameter in search mode, the action parameter in actioninfo mode, and the map parameter in mapinfo mode.

Recommendations For HLStats version 1.34, as a temporary workaround, consider restricting access to the affected parameters, such as game, weapon, st, action, and map, until a patch is available. Avoid using these parameters in the respective modes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.