TS3 Manager is vulnerable to unauthenticated reflected XSS attack due...

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Description

TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded in server hostnames are executed in the victim's browser context without proper sanitization. This issue is fixed in version 2.2.2.

Basic Information

ID CVE-2025-61583

Source GitHub_M

Published Oct 1, 2025 at 22:27

Affected Product

Vendor joni1802

Product ts3-manager

Version < 2.2.2

Affected Versions joni1802 ts3-manager < 2.2.2

CWE Classification

CWE-20 CWE-80

References

{
    "lastseen": "",
    "description": "TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded in server hostnames are executed in the victim's browser context without proper sanitization. This issue is fixed in version 2.2.2.",
    "published": "2025-10-01T22:27:59.716Z",
    "modified": "2025-10-01T22:27:59.716Z",
    "type": "cve",
    "title": "TS3 Manager is vulnerable to unauthenticated reflected XSS attack due to insecure error handling",
    "source": "GitHub_M",
    "references": "https://github.com/joni1802/ts3-manager/security/advisories/GHSA-qw6j-37r6-m93g\nhttps://github.com/joni1802/ts3-manager/commit/3a069915f97a6f5dae1fe0b2e32aa11a69d83b5e",
    "id": "CVE-2025-61583",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20",
        "CWE-80"
    ],
    "cvelist": null,
    "sourceData": "joni1802 ts3-manager < 2.2.2",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ts3-manager",
    "version": "< 2.2.2",
    "vendor": "joni1802",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

TS3 Manager is vulnerable to unauthenticated reflected XSS attack due to insecure error handling_CVE-2025-61583