cvedb.io
CVE-2026-25144
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2026-02-02T23:16:09.600 · Last modified 2026-06-17T10:24:11.097

Summary

Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in the chat in-game system. The playerID parameter in SubmitChat.php and is saved without sanitization and executed whenever a user view the current page game. This vulnerability is fixed by 09dd00e5452e3cd998eb1406a88e5b0fa868e6b4.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.