CVE-2024-5409 Information

Description

RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos
https://github.com/josepsanzcamp/RhinOS
