PT-2025-15285 · Unknown · Cs2-Weaponpaints-Website
Published: 2025-04-07 · Updated: 2025-04-07 · CVE-2025-29594
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
CS2-WeaponPaints-Website version 2.1.7
Description
A vulnerability exists in the errorpage.php file where user-controlled input is not adequately validated before being processed. Specifically, the errorcode parameter in the $_GET superglobal can be manipulated to access unauthorized error codes, leading to Cross-Site Scripting (XSS) attacks and information disclosure.
Recommendations
For CS2-WeaponPaints-Website version 2.1.7, consider validating and sanitizing the errorcode parameter in the $_GET superglobal to prevent unauthorized access and XSS attacks. As a temporary workaround, restrict access to the errorpage.php file until a patch is available.
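One way to apply the validation and output encoding recommended above, as an added example that is not the project's own code or its patch. The advisory does not show errorpage.php, so the allowlisted codes, the messages, and the function names resolveErrorCode and renderErrorPage are assumptions (requires PHP 8.0 or later).

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the codes and messages the real errorpage.php uses
// are not shown in the advisory.
const ERROR_MESSAGES = [
    403 => 'Access denied.',
    404 => 'Page not found.',
    500 => 'Internal server error.',
];
const DEFAULT_CODE = 404;

/** Map an untrusted errorcode value to an allowlisted integer code. */
function resolveErrorCode(mixed $raw): int
{
    // Arrays (errorcode[]=x) and other non-scalar values are rejected outright.
    if (!is_string($raw) && !is_int($raw)) {
        return DEFAULT_CODE;
    }
    // Strict integer parse: markup, floats and mixed strings all yield false.
    $code = filter_var($raw, FILTER_VALIDATE_INT);
    if ($code === false || !array_key_exists($code, ERROR_MESSAGES)) {
        return DEFAULT_CODE;
    }
    return $code;
}

/** Build the error page body without ever echoing the raw parameter. */
function renderErrorPage(array $query): string
{
    $code = resolveErrorCode($query['errorcode'] ?? null);
    // Encode on output as well, so a later edit to the message table
    // cannot introduce markup into the page.
    $message = htmlspecialchars(ERROR_MESSAGES[$code], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf('<h1>Error %d</h1><p>%s</p>', $code, $message);
}

// Constructed sample inputs; in the page itself this would be renderErrorPage($_GET).
$samples = [
    ['errorcode' => '403'],
    ['errorcode' => '<script>alert(1)</script>'],
    ['errorcode' => ['403']],
    [],
];
foreach ($samples as $query) {
    echo renderErrorPage($query), PHP_EOL;
}
```

Only the first sample resolves to its requested code; the other three fall back to the default, and the raw parameter value never reaches the response body.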
Affected Products
Cs2-Weaponpaints-Website