2 vulnerabilities by joni1802
CVE-2025-61583 (GCVE-0-2025-61583)
Vulnerability from cvelistv5 – Published: 2025-10-01 22:27 – Updated: 2025-10-02 18:01
Title
TS3 Manager is vulnerable to unauthenticated reflected XSS attack due to insecure error handling
Summary
TS3 Manager is a modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded in server hostnames are executed in the victim's browser context without proper sanitization. This issue is fixed in version 2.2.2.
Severity ?
4.3 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| joni1802 | ts3-manager | Affected: < 2.2.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61583",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T18:01:43.943047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T18:01:57.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ts3-manager",
"vendor": "joni1802",
"versions": [
{
"status": "affected",
"version": "\u003c 2.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded in server hostnames are executed in the victim\u0027s browser context without proper sanitization. This issue is fixed in version 2.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T22:27:59.716Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/joni1802/ts3-manager/security/advisories/GHSA-qw6j-37r6-m93g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/joni1802/ts3-manager/security/advisories/GHSA-qw6j-37r6-m93g"
},
{
"name": "https://github.com/joni1802/ts3-manager/commit/3a069915f97a6f5dae1fe0b2e32aa11a69d83b5e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/joni1802/ts3-manager/commit/3a069915f97a6f5dae1fe0b2e32aa11a69d83b5e"
}
],
"source": {
"advisory": "GHSA-qw6j-37r6-m93g",
"discovery": "UNKNOWN"
},
"title": "TS3 Manager is vulnerable to unauthenticated reflected XSS attack due to insecure error handling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61583",
"datePublished": "2025-10-01T22:27:59.716Z",
"dateReserved": "2025-09-26T16:25:25.150Z",
"dateUpdated": "2025-10-02T18:01:57.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-61582 (GCVE-0-2025-61582)
Vulnerability from cvelistv5 – Published: 2025-10-01 22:20 – Updated: 2025-10-03 14:24
Title
Ts3 Manager: Unauthenticated Denial of Service possible through specially crafted Unicode input
Summary
TS3 Manager is a modern web interface for maintaining Teamspeak3 servers. A Denial of Service vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability permits an unauthenticated actor to crash the application through the submission of specially crafted Unicode input, requiring no prior authentication or privileges. The flaw manifests when Unicode tag characters are submitted to the Server field on the login page. The application fails to properly handle these characters during the ASCII conversion process, resulting in an unhandled exception that terminates the application within four to five seconds of submission. This issue is fixed in version 2.2.2.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| joni1802 | ts3-manager | Affected: < 2.2.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61582",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T14:23:58.829403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T14:24:28.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ts3-manager",
"vendor": "joni1802",
"versions": [
{
"status": "affected",
"version": "\u003c 2.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A Denial of Dervice vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability permits an unauthenticated actor to crash the application through the submission of specially crafted Unicode input, requiring no prior authentication or privileges. The flaw manifests when Unicode tag characters are submitted to the Server field on the login page. The application fails to properly handle these characters during the ASCII conversion process, resulting in an unhandled exception that terminates the application within four to five seconds of submission. This issue is fixed in version 2.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T22:20:35.501Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/joni1802/ts3-manager/security/advisories/GHSA-4cq4-hp4f-8w7p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/joni1802/ts3-manager/security/advisories/GHSA-4cq4-hp4f-8w7p"
},
{
"name": "https://github.com/joni1802/ts3-manager/commit/3a069915f97a6f5dae1fe0b2e32aa11a69d83b5e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/joni1802/ts3-manager/commit/3a069915f97a6f5dae1fe0b2e32aa11a69d83b5e"
}
],
"source": {
"advisory": "GHSA-4cq4-hp4f-8w7p",
"discovery": "UNKNOWN"
},
"title": "Ts3 Manager: Unauthenticated Denial of Service possible through specially crafted Unicode input"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61582",
"datePublished": "2025-10-01T22:20:35.501Z",
"dateReserved": "2025-09-26T16:25:25.149Z",
"dateUpdated": "2025-10-03T14:24:28.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}