Fluxcp
by Rathena
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62797 | Hig | 0.56 | — | 0.00 | Oct 29, 2025 | FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery (CSRF) vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated… | ||
| CVE-2024-45799 | 0.00 | — | 0.00 | Sep 16, 2024 | FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the… | |||
| CVE-2022-4421 | 0.00 | — | 0.00 | Dec 12, 2022 | A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site… |
- risk 0.56cvss —epss 0.00
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery (CSRF) vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated…
- CVE-2024-45799Sep 16, 2024risk 0.00cvss —epss 0.00
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the…
- CVE-2022-4421Dec 12, 2022risk 0.00cvss —epss 0.00
A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site…