RhinOS 3.0-1190 XSS Vulnerability Could Lead to User Session Details Theft
CVE-2024-5408

6.1MEDIUM

Key Information:

Vendor: Saltos
Status: Rhinos
Vendor: CVE Published:; 27 May 2024

What is CVE-2024-5408?

The vulnerability in RhinOS 3.0-1190 is characterized by a Cross-Site Scripting (XSS) flaw within the 'search' parameter of the /portal/search.htm endpoint. This vulnerability can be exploited by a remote attacker who crafts a malicious URL. Once a victim interacts with this URL, it may lead to unauthorized access and extraction of sensitive session information, potentially compromising the integrity of user accounts. Users of RhinOS should apply necessary patches and maintain vigilance against this security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

RhinOS 3.0-1190

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

https://github.com/josepsanzcamp/RhinOS

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 27, 2024
Vulnerability Reserved
May 27, 2024

Credit

Rafael Pedrero

JSON

Saltos