CVE-2024-45799 — HIGH (7.3)

Q: How severe is CVE-2024-45799?

CVE-2024-45799 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-45799?

Check the references section above for vendor advisories and patch information. Affected products include: Rathena Fluxcp.

Vulnerability Description

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a result all logged in to fluxcp users can have their session info stolen. This issue has been addressed in release version 1.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Rathena	Fluxcp	< 1.3.0

Related Weaknesses (CWE)

CWE-79 CWE-200

References

https://github.com/rathena/FluxCP/security/advisories/GHSA-xvqv-25vf-88g4Third Party Advisory

FAQ

What is CVE-2024-45799?

CVE-2024-45799 is a vulnerability with a CVSS score of 7.3 (HIGH). FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows e...

How severe is CVE-2024-45799?

CVE-2024-45799 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-45799?

Check the references section above for vendor advisories and patch information. Affected products include: Rathena Fluxcp.