Pterodactyl panel's admin area vulnerable to Cross-site Scripting
Importing a malicious egg or gaining access to wings instance could lead to XSS on the panel, which could be used to gain an administrator account on the panel. Specifically, the following things are impacted: Egg Docker images Egg variables: Name Environment variable Default value Description Validation rules Additionally, certain fields would reflect malicious input, but it would require the user knowingly entering such input to have an impact. To …