SCA: security update for dev-lancer/minecraft-motd-parser (GHSA-q898-frwq-f3qp)

medium Tenable Self-Hosted Container Security Plugin ID 417992

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Minecraft MOTD Parser is a PHP library for parsing a Minecraft server's MOTD. The HtmlGenerator class is
subject to a potential cross-site scripting (XSS) attack through a parsed, malformed Minecraft server MOTD.
The HtmlGenerator iterates through the MotdItem objects contained in a MotdItemCollection object to
generate an HTML string. An attacker can supply malicious input in the color and text properties of a
MotdItem to inject their own HTML into a web page during page generation, for example by sending a
malicious MOTD from a Minecraft server under their control that is queried and passed to the
HtmlGenerator. This XSS vulnerability exists because the values of these properties are neither filtered
nor escaped. This vulnerability is fixed in 1.0.6. (CVE-2024-47765)

See Also

https://github.com/advisories/GHSA-q898-frwq-f3qp

Plugin Details

Severity: Medium

ID: 417992

Version: Revision 1.7

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 2.3

Percentile: 9.14

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2024-47765

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Threat Score: 2.7

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 10/4/2024

Vulnerability Publication Date: 10/4/2024

Reference Information

CVE: CVE-2024-47765