Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
rAthena FluxCP Service Desk Image URL view.php cross site scripting
Vulnerability Description
A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 8a39b2b2bf28353b3503ff1421862393db15aa7e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215304.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
对消息或数据结构的处理不恰当
Vulnerability Title
FluxCP 跨站脚本漏洞
Vulnerability Description
FluxCP是rAthena开源的一个基于 web 的控制面板。用于用 PHP 编写的 rAntha 服务器。 rAthena FluxCP 前版本存在安全漏洞,该漏洞源于组件Service Desk Image URL Handler的文件 themes/default/servicedesk/view.php 的一个未知函数,操纵参数 sslink 会导致跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A