CVE-2024-5408

Name of the Vulnerable Software and Affected Versions: RhinOS versions 3.0-1190

Description: The issue allows a remote attacker to steal user session details by submitting a specially crafted URL, exploiting an XSS vulnerability through the search parameter of the "/portal/search.htm" API endpoint.

Recommendations: For RhinOS versions 3.0-1190, as a temporary workaround, consider restricting access to the "/portal/search.htm" endpoint or sanitizing the search parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.