CVE-2025-29594 Information

Description

A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. Specifically the $_GET[’errorcode’] parameter can be manipulated to access unauthorized error codes leading to Cross-Site Scripting (XSS) attacks and information disclosure.

Reference

https://github.com/J4cky1028/vulnerability-research/tree/main/CVE-2025-29594 https://github.com/LielXD/CS2-WeaponPaints-Website/blob/b1d8364c1cbcab6981a564d8abe43b1cc26a2503/errorpage.php#L41