PT-2024-32803 · Unknown · Minecraft Motd Parser

Krymonota · Published 2024-10-04 · Updated 2024-11-13 · CVE-2024-47765

CVSS v4.0: 6.9 Medium

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions: Minecraft MOTD Parser versions prior to 1.0.6

Description: The HtmlGenerator class in the Minecraft MOTD Parser library is subject to a potential cross-site scripting (XSS) attack through a parsed, malformed Minecraft server MOTD. An attacker can supply malicious values for the color and text properties of MotdItem to inject their own HTML into a web page while the page is generated. To do so, the attacker sends a malicious MOTD from a Minecraft server under their control; the issue is triggered when that server is queried and the result is passed to the HtmlGenerator. The XSS vulnerability exists because the values of these properties are neither filtered nor escaped. This issue can potentially affect players visiting Minecraft server list websites, users visiting Minecraft server status websites, and server owners managing their Minecraft server via a web interface that displays the MOTD.

Recommendations: For versions prior to 1.0.6, upgrade the Minecraft MOTD Parser library to version 1.0.6 or later to mitigate the risk of XSS attacks. As a temporary workaround, consider implementing input validation and escaping for the color and text properties of MotdItem to prevent malicious HTML injection. Restrict access to the HtmlGenerator class until a patch is applied.
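
One way to implement the temporary workaround above, as an added example that is not code from Minecraft MOTD Parser: the color value is checked against an allowlist and the text value is HTML-escaped before a span is built. It is written in PHP on the assumption that this is the language of the application consuming the library; the function names, the `motd-` class prefix and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not the library's code; all names here are hypothetical.
// The 16 color names used by Minecraft text formatting.
const MOTD_NAMED_COLORS = [
    'black', 'dark_blue', 'dark_green', 'dark_aqua', 'dark_red', 'dark_purple',
    'gold', 'gray', 'dark_gray', 'blue', 'green', 'aqua', 'red',
    'light_purple', 'yellow', 'white',
];

/** Build the color attribute from an allowlist; anything else yields no attribute. */
function motd_color_attr(?string $color): string
{
    if ($color === null) {
        return '';
    }
    if (in_array($color, MOTD_NAMED_COLORS, true)) {
        return ' class="motd-' . $color . '"';
    }
    // \A and \z anchor the whole string, so a trailing newline cannot pass.
    if (preg_match('/\A#[0-9A-Fa-f]{6}\z/', $color) === 1) {
        return ' style="color:' . $color . '"';
    }
    return '';
}

/** Escape server-supplied text for use in an HTML text node. */
function motd_escape(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Render one MOTD fragment from its color and text values. */
function motd_render_span(?string $color, string $text): string
{
    return '<span' . motd_color_attr($color) . '>' . motd_escape($text) . '</span>';
}

// Constructed sample values standing in for a MOTD from an untrusted server.
$samples = [
    ['gold', 'Welcome to <Survival> & Creative'],
    ['#55FF55', 'Season 3'],
    ['red" data-x="1', '"><b>injected</b>'],
];
foreach ($samples as [$color, $text]) {
    echo motd_render_span($color, $text), PHP_EOL;
}
```

The third sample is rendered as a plain span with no color attribute and with its markup shown as literal text, because the color fails the allowlist and the text is escaped.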

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-47765
GHSA-Q898-FRWQ-F3QP

Affected Products

Minecraft Motd Parser