Lucene search
INCIBECVE-2024-5409HistoryMay 27, 2024 - 1:15 p.m.
CVE-2024-5409
2024-05-2713:15:09
CWE-79
INCIBE
web.nvd.nist.gov
30
rhinos
xss
tamper
url
session
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
AI Score
5.9
Confidence
High
EPSS
0
Percentile
9.0%
RhinOS 3.0-1190 is vulnerable to an XSS via the “tamper” parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details.
Affected configurations
Node
saltosrhinosRange≤3.0-1190
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "RhinOS",
"vendor": "SaltOS",
"versions": [
{
"status": "affected",
"version": "3.0-1190"
}
]
}
]Related
nvd
nvd
CVE-2024-5409
2024-05-27 13:15:09
cvelist
cvelist
CVE-2024-5409 Cross-site Scripting vulnerability in RhinOS from SaltOS
2024-05-27 12:17:41
vulnrichment
vulnrichment
CVE-2024-5409 Cross-site Scripting vulnerability in RhinOS from SaltOS
2024-05-27 12:17:41
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
AI Score
5.9
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2024-5409