Rageframe: Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-11
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-11
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-04-11
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-04-11
An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-08-16