CVE-2024-5408

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-5408
Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. This vulnerability could allow a remote attacker to steal details of a victim's user session by submitting a specially crafted URL.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://github.com/josepsanzcamp/RhinOS Product
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos Third Party Advisory
https://github.com/josepsanzcamp/RhinOS Product
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:saltos:rhinos:3.0:1190:*:*:*:*:*:*
History

05 Jun 2025, 15:31

Type Values Removed Values Added
CPE cpe:2.3:a:saltos:rhinos:3.0:1190:*:*:*:*:*:*
First Time Saltos rhinos
Saltos
References () https://github.com/josepsanzcamp/RhinOS - () https://github.com/josepsanzcamp/RhinOS - Product
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos - () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos - Third Party Advisory

21 Nov 2024, 09:47

Type Values Removed Values Added
References () https://github.com/josepsanzcamp/RhinOS - () https://github.com/josepsanzcamp/RhinOS -
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos - () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos -

28 May 2024, 12:39

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en RhinOS 3.0-1190 consistente en un XSS a través del parámetro "buscar" de /portal/search.htm. Esta vulnerabilidad podría permitir que un atacante remoto robe detalles de la sesión de usuario de una víctima enviando una URL especialmente manipulada.

27 May 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-27 13:15

Updated : 2025-06-05 15:31

NVD link : CVE-2024-5408

Mitre link : CVE-2024-5408

CVE.ORG link : CVE-2024-5408

JSON object : View

Products Affected

saltos

  • rhinos
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')