Filtered by vendor Rathena Subscriptions
Filtered by product Fluxcp Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-4421 1 Rathena 1 Fluxcp 2024-11-21 3.5 Low
A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 8a39b2b2bf28353b3503ff1421862393db15aa7e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215304.
CVE-2024-45799 1 Rathena 1 Fluxcp 2024-09-20 7.3 High
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a result all logged in to fluxcp users can have their session info stolen. This issue has been addressed in release version 1.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.