CVE-2024-45799
Last modified
CVE-2024-45799 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a result all logged in to fluxcp users can have their session info stolen. This issue has been addressed in release version 1.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rathena | Fluxcp | < 1.3.0 |
References
- https://github.com/rathena/FluxCP/security/advisories/GHSA-xvqv-25vf-88g4Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-45799?
How severe is CVE-2024-45799?
How do I fix CVE-2024-45799?
Are you affected by CVE-2024-45799?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST