CVE-2024-5409

Published May 27th, 2024

View on NVD ↗

CVSS v3

7.1

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details.

josepsanzcamp/RhinOS

The latest source code of the nightly version of the RhinOS project

GitHub