CVE-2025-29594
Published
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS
Description
A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. Specifically, the $_GET['errorcode'] parameter can be manipulated to access unauthorized error codes, leading to Cross-Site Scripting (XSS) attacks and information disclosure.
Some website i've made for my cs2 server for the plugin cs2-weaponpaints and wanted to share this with the community.
GitHub