Skip to main content

Rhinos

4 CVEs product

Monthly

CVE-2024-5409 MEDIUM This Month

RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Rhinos
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-5408 MEDIUM This Month

Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rhinos
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-5407 CRITICAL Act Now

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE Rhinos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2018-18760 MEDIUM POC This Month

RhinOS 3.0 build 1190 allows CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rhinos
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.6%
EPSS 0% CVSS 6.1
MEDIUM This Month

RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Rhinos
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rhinos
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Month

RhinOS 3.0 build 1190 allows CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rhinos
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy