Home > Vulnerability Database > CVE-2024-45799

Mend.io Vulnerability Database

CVE-2024-45799

Date: September 16, 2024

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a result all logged in to fluxcp users can have their session info stolen. This issue has been addressed in release version 1.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: PHP

Severity Score

7.3

Related Resources (3)

Url: https://github.com/rathena/FluxCP/security/advisories/GHSA-xvqv-25vf-88g4

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45799

Url: https://www.mend.io/vulnerability-database/CVE-2024-45799

Severity Score

7.3

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45799

Date: September 16, 2024

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?