CVE-2024-5409

RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details.
Configurations

No configuration.

History

21 Nov 2024, 09:47

Type Values Removed Values Added
References () https://github.com/josepsanzcamp/RhinOS - () https://github.com/josepsanzcamp/RhinOS -
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos - () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos -

28 May 2024, 12:39

Type Values Removed Values Added
Summary
  • (es) RhinOS 3.0-1190 es vulnerable a un XSS a través del parámetro "tamper" en /admin/lib/phpthumb/phpthumb.php. Un atacante podría crear una URL maliciosa y enviarla a una víctima para obtener los detalles de su sesión.

27 May 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-27 13:15

Updated : 2024-11-21 09:47


NVD link : CVE-2024-5409

Mitre link : CVE-2024-5409

CVE.ORG link : CVE-2024-5409


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')