RhinOS 3.0-1190 XSS Vulnerability Could Lead to User Session Details Theft
CVE-2024-5408

7.1HIGH

Key Information:

Vendor: Saltos
Status: Rhinos
Vendor: CVE Published:; 27 May 2024

Summary

The vulnerability in RhinOS 3.0-1190 is characterized by a Cross-Site Scripting (XSS) flaw within the 'search' parameter of the /portal/search.htm endpoint. This vulnerability can be exploited by a remote attacker who crafts a malicious URL. Once a victim interacts with this URL, it may lead to unauthorized access and extraction of sensitive session information, potentially compromising the integrity of user accounts. Users of RhinOS should apply necessary patches and maintain vigilance against this security risk.

Affected Version(s)

RhinOS 3.0-1190

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

https://github.com/josepsanzcamp/RhinOS

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 27, 2024
Vulnerability Reserved
May 27, 2024

Credit

Rafael Pedrero