CVE-2024-5409

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-5409
RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://github.com/josepsanzcamp/RhinOS Product
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos Third Party Advisory
https://github.com/josepsanzcamp/RhinOS Product
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:saltos:rhinos:3.0:1190:*:*:*:*:*:*
History

05 Jun 2025, 15:31

Type Values Removed Values Added
References () https://github.com/josepsanzcamp/RhinOS - () https://github.com/josepsanzcamp/RhinOS - Product
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos - () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos - Third Party Advisory
CPE cpe:2.3:a:saltos:rhinos:3.0:1190:*:*:*:*:*:*
First Time Saltos
Saltos rhinos

21 Nov 2024, 09:47

Type Values Removed Values Added
References () https://github.com/josepsanzcamp/RhinOS - () https://github.com/josepsanzcamp/RhinOS -
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos - () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos -

28 May 2024, 12:39

Type Values Removed Values Added
Summary
  • (es) RhinOS 3.0-1190 es vulnerable a un XSS a través del parámetro "tamper" en /admin/lib/phpthumb/phpthumb.php. Un atacante podría crear una URL maliciosa y enviarla a una víctima para obtener los detalles de su sesión.

27 May 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-27 13:15

Updated : 2025-06-05 15:31

NVD link : CVE-2024-5409

Mitre link : CVE-2024-5409

CVE.ORG link : CVE-2024-5409

JSON object : View

Products Affected

saltos

  • rhinos
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')