Impact
An XSS vulnerability exists in versions of Pterodactyl Panel before 0.7.19. Affected versions do not properly sanitize account names before rendering them to the dropdown selector in the admin area when creating or modifying a server.
Patches
This XSS has been addressed in 0.7.19 and will be rolled forwards into the 1.0-rc.7 release.
Workarounds
No workaround exists without manual patching. See https://github.com/pterodactyl/panel/pull/2441/files for the files changed.
For more information
If you have any questions or comments about this advisory please reach out on Discord, or by emailing dane at pterodactyl dot io.
Thank you to Sergej for the responsible disclosure of this issue.
sergejostir Analyst
Impact
An XSS vulnerability exists in versions of Pterodactyl Panel before 0.7.19. Affected versions do not properly sanitize account names before rendering them to the dropdown selector in the admin area when creating or modifying a server.
Patches
This XSS has been addressed in 0.7.19 and will be rolled forwards into the 1.0-rc.7 release.
Workarounds
No workaround exists without manual patching. See https://github.com/pterodactyl/panel/pull/2441/files for the files changed.
For more information
If you have any questions or comments about this advisory please reach out on Discord, or by emailing
daneatpterodactyldotio.Thank you to Sergej for the responsible disclosure of this issue.