CVE-2024-5409

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published May 27, 2024

Updated: May 28, 2024

CWE ID 79

Summary

CVE-2024-5409 is a newly identified vulnerability affecting RhinOS 3.0-1190. This issue involves a Cross-Site Scripting (XSS) flaw located in the "/admin/lib/phpthumb/phpthumb.php" file. An attacker can exploit this vulnerability by creating a malicious URL containing a tampered "tamper" parameter. By tricking a victim into clicking this URL, the attacker may gain unauthorized access to the victim's session details.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wIr35L
https://www.cve.org/CVERecord?id=CVE-2024-5409
https://nvd.nist.gov/vuln/detail/CVE-2024-5409

Back to Vulnerability Database

CVE-2024-5409

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations