Aggregates CVE and security vulnerability intelligence across all travianz_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-36994 | In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. | [email protected] | 9.8 | 0.74% | 2023-07-07 | 2026-06-17 |
| CVE-2023-36993 | The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts. | [email protected] | 9.8 | 0.80% | 2023-07-07 | 2026-06-17 |
| CVE-2023-36992 | PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code. | [email protected] | 7.2 | 0.98% | 2023-07-07 | 2026-06-17 |
| CVE-2023-36995 | TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie. | [email protected] | 6.1 | 0.41% | 2023-07-06 | 2026-06-17 |