CVE-2022-4421

Name of the Vulnerable Software and Affected Versions rAthena FluxCP (affected versions not specified)

Description A vulnerability was found in the Service Desk Image URL Handler component of rAthena FluxCP, affecting an unknown function of the file themes/default/servicedesk/view.php. The manipulation of the sslink argument leads to cross-site scripting. It is possible to launch the attack remotely.

Recommendations To fix this issue, it is recommended to apply a patch. The name of the patch is 8a39b2b2bf28353b3503ff1421862393db15aa7e. As a temporary workaround, consider restricting access to the view.php file in the themes/default/servicedesk directory until a patch is available. Additionally, avoid using the sslink argument in the affected API endpoint until the issue is resolved.