26 matches found
CVE-2025-62797
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...
CVE-2025-62797
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...
CVE-2025-62797 CSRF in FluxCP account endpoints allows account takeover / state-changing actions
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...
CVE-2025-62797 CSRF in FluxCP account endpoints allows account takeover / state-changing actions
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...
CVE-2025-62797 CSRF in FluxCP account endpoints allows account takeover / state-changing actions
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...
CVE-2025-62797
FluxCP CSRF in the FluxCP-based website template for rAthena servers (PHP) allows state-changing POST requests to be executed via a logged-in user without per-request anti-CSRF tokens or robust Origin/Referer validation. An attacker luring a user to a malicious page can force actions on the user’...
PT-2025-44329
Name of the Vulnerable Software and Affected Versions FluxCP affected versions not specified Description FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF issue exists in the website template used by multiple rAthena/Ragnarok server...
FluxCP 安全漏洞
FluxCP is an open source web-based control panel by rAthena. for rAntha servers written in PHP. A security vulnerability exists in FluxCP that stems from a state-altering POST endpoint that accepts requests initiated by browsers authorized only by a session cookie, which could lead to a cross-sit...
EUVD-2024-41607
Malicious code in bioql PyPI...
EUVD-2022-51766
Malicious code in bioql PyPI...
CVE-2022-4421
A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possibl...
CVE-2024-45799
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a...
CVE-2024-45799 Javascript Injection in Vending Info/Buyers Info Module in FluxCP
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a...
CVE-2024-45799 Javascript Injection in Vending Info/Buyers Info Module in FluxCP
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a...
CVE-2024-45799
Affected software: FluxCP web-based control panel for rAthena servers. Vulnerability: JavaScript injection via un sanitised content on venders/buyers list pages and shop names. Root cause / how it works: Unsanitised data in the shop-related pages allows injecting arbitrary JavaScript code that is...
CVE-2024-45799 Javascript Injection in Vending Info/Buyers Info Module in FluxCP
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a...
FluxCP 安全漏洞
FluxCP is an open source web-based control panel by rAthena. It is used for rAntha servers written in PHP. A security vulnerability exists in FluxCP versions prior to 1.3 that stems from unfiltered venders/buyers listings pages and store names that allow the execution of arbitrary javascript code...
PT-2024-31780 · Fluxcp · Fluxcp
Name of the Vulnerable Software and Affected Versions: FluxCP versions prior to 1.3 Description: A JavaScript injection is possible via vendors/buyers list pages and shop names that are not sanitized, allowing the execution of arbitrary JavaScript code on the user's browser. This can result in th...
CVE-2022-4421
A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possibl...
CVE-2022-4421
A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possibl...