CVE-2026-25144

Name of the Vulnerable Software and Affected Versions Talishar (affected versions not specified)

Description A Stored Cross-Site Scripting (XSS) issue exists within the in-game chat system. The playerID parameter in the 'SubmitChat.php' file is saved without proper sanitization. This unsanitized data is then executed when a user views the current game page. This allows for the injection of malicious scripts into the chat system, potentially affecting users who view the compromised chat messages.

Recommendations Versions prior to the commit 09dd00e5452e3cd998eb1406a88e5b0fa868e6b4 are vulnerable.