Aggregates CVE and security vulnerability intelligence across all psychostats-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk cross-site scripting, vendor risk sql injection, and vendor risk path handling, with potential vendor impact session compromise across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2010-10010 | A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.2.2b is able to address this issue. The identifier of the patch is 5d3b7311fd5085ec6ea1b1bfa9a05285964e07e4. It is recommended to upgrade the affected component. The identifier VDB-230265 was ass | [email protected] | 3.5 | 0.44% | 2023-06-01 | 2024-11-21 |
| CVE-2013-3721 | SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter. | [email protected] | 7.5 | 0.44% | 2013-05-31 | 2026-04-29 |
| CVE-2008-6422 | Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php. | [email protected] | 7.5 | 0.93% | 2009-03-06 | 2026-04-23 |
| CVE-2007-2914 | Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files. | [email protected] | 4.3 | 0.79% | 2007-05-30 | 2026-04-23 |
| CVE-2007-2780 | PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message. | [email protected] | 5.0 | 10.59% | 2007-05-21 | 2026-04-23 |
| CVE-2004-1417 | Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter. | [email protected] | 4.3 | 0.89% | 2004-12-31 | 2026-04-16 |