Unrated severity · NVD Advisory · Published Sep 16, 2024 · Updated Sep 16, 2024
Javascript Injection in Vending Info/Buyers Info Module in FluxCP
CVE-2024-45799
Description
FluxCP is a web-based control panel for rAthena servers, written in PHP. JavaScript injection is possible via the vendors/buyers list pages and shop names, which are currently not sanitized. This allows arbitrary JavaScript code to execute in a user's browser just by visiting the shop pages. As a result, all users logged in to FluxCP can have their session info stolen. This issue has been addressed in release version 1.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
- github.com/rathena/FluxCP/security/advisories/GHSA-xvqv-25vf-88g4 (mitre, x_refsource_CONFIRM)