Home > Vulnerability Database > CVE-2024-45799

Mend.io Vulnerability Database

CVE-2024-45799

Good to know:

Date: September 16, 2024

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a result all logged in to fluxcp users can have their session info stolen. This issue has been addressed in release version 1.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: PHP

Severity Score

7.3

Related Resources (3)

Url: https://github.com/rathena/FluxCP/security/advisories/GHSA-xvqv-25vf-88g4

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45799

Url: https://www.mend.io/vulnerability-database/CVE-2024-45799

Severity Score

7.3

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version 43c61e8bd426552b7fff88aa2108f9faee1099ec

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45799

Good to know:

Date: September 16, 2024

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?