CVE-2023-36995

Name of the Vulnerable Software and Affected Versions TravianZ versions 8.3.4 and earlier

Description The issue allows for XSS attacks through various means, including the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie.

Recommendations For versions 8.3.4 and earlier, as a temporary workaround, consider restricting access to the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, and avoid using the COOKUSR cookie until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.