diff --git a/advisories/github-reviewed/2024/12/GHSA-xx95-62h6-h7v3/GHSA-xx95-62h6-h7v3.json b/advisories/github-reviewed/2024/12/GHSA-xx95-62h6-h7v3/GHSA-xx95-62h6-h7v3.json
new file mode 100644
index 0000000000000..1d7a86b7caefc
--- /dev/null
+++ b/advisories/github-reviewed/2024/12/GHSA-xx95-62h6-h7v3/GHSA-xx95-62h6-h7v3.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-xx95-62h6-h7v3",
+  "modified": "2024-12-26T20:20:12Z",
+  "published": "2024-12-26T20:20:12Z",
+  "aliases": [
+    "CVE-2024-56361"
+  ],
+  "summary": "lgsl Stored Cross-Site Scripting vulnerability",
+  "details": "### Summary\n\nA stored cross-site scripting (XSS) vulnerability was identified in lgsl. The issue arises from improper sanitation of user input. Everyone who accesses this page will be affected by this attack.\n\n### Details\n\nThe function `lgsl_query_40` in `lgsl_protocol.php` has implemented an HTTP crawler. This function makes a request to the registered game server, and upon crawling the malicious `/info` endpoint with our payload, will render our javascript on the info page. This information is being displayed via `lgsl_details.php`\n\n#### Affected Code:\n```php\n      foreach ($server['e'] as $field => $value) {\n        $value = preg_replace('/((https*:\\/\\/|https*:\\/\\/www\\.|www\\.)[\\w\\d\\.\\-\\/=$?​]*)/i', \"<a href='$1' target='_blank'>$1</a>\", html_entity_decode($value));\n        $output .= \"\n        <tr><td> {$field} </td><td> {$value} </td></tr>\";\n      }\n```\n### PoC\n\n1. Create a game server with type `eco` and set the target host and port accordingly to your ttack server. I have crafted this json payload that is being parsed according to the schema and being served on `/info` \n\n2. Serve the following JSON payload at `/info` on your handler\n```json\n{\n  \"Animals\": \"1\",\n  \"EconomyDesc\": \"<img src=x onerror=prompt(1)>\"\n}\n```\n3. Access the corresponding server info page at `/s?=`. Upon refreshing & crawling our server, it should execute our javascript.\n\n",
+  "severity": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "tltneon/lgsl"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "7.0.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/tltneon/lgsl/security/advisories/GHSA-xx95-62h6-h7v3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/tltneon/lgsl/commit/3fbd3bb581b636f7fd3ea0592c5f8df87d3a2843"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/tltneon/lgsl"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2024-12-26T20:20:12Z",
+    "nvd_published_at": null
+  }
+}
\ No newline at end of file