CNNVD-202509-4376 Information

CNNVD ID

CNNVD-202509-4376

Related CVE

CVE-2025-57424

• CNNVD Published: 2025-09-29

Description (Chinese)

MyCourts是英国MyCourts公司的一个球场管理平台。 MyCourts v3版本存在安全漏洞，该漏洞源于LTA number profile字段缺少输入验证，可能导致存储型跨站脚本攻击，由于会话cookie缺少HttpOnly标志，可能被利用来劫持用户会话。

Description (English)

MyCourts is a stadium management platform for MyCourts. MyCourts v3 version has a security loophole, which stems from the lack of input validation of the LTA number profile field, which could lead to a storage-type cross-site scrip attack and could be used to hijack a user session due to the lack of HttpOnly logo for the session.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

MyCourts

Published

2025-09-29

Last Modified

2026-02-24

References

https://aardwolfsecurity.com/cve-2025-57424-stored-xss-vulnerability-in-mycourts/