RhinOS 3.0-1190 Vulnerable to XSS via 'tamper' Parameter
CVE-2024-5409

6.1MEDIUM

Key Information:

Vendor: Saltos
Status: Rhinos
Vendor: CVE Published:; 27 May 2024

What is CVE-2024-5409?

The RhinOS version 3.0-1190 by Saltos contains a vulnerability that permits Cross-Site Scripting (XSS) attacks through the 'tamper' parameter in the phpthumb.php script located in the admin directory. This flaw allows malicious actors to craft and send deceptive URLs that, when visited by a user, can capture sensitive session information. As a result, attackers may gain unauthorized access to victim accounts, posing significant security risks to users of the affected product.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

RhinOS 3.0-1190

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

https://github.com/josepsanzcamp/RhinOS

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 27, 2024
Vulnerability Reserved
May 27, 2024

Credit

Rafael Pedrero

JSON

Saltos