PT-2024-23652 · Unknown · Rageframe2
Hebing123
Published: 2024-04-11 · Updated: 2024-10-27
CVE: CVE-2024-30879
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: RageFrame2 version 2.6.43
Description: RageFrame2 2.6.43 reflects the boxId parameter of the image cropping function into the response without adequate output encoding. A remote, unauthenticated attacker who gets a user to open a crafted URL can execute arbitrary web script or HTML in that user's browser and may obtain sensitive information exposed to that browser session. This is a reflected cross-site scripting (XSS) vulnerability: no privileges are required, but the victim must follow the attacker's link, which is what the UI:R component of the vector records.
Recommendations: For RageFrame2 2.6.43, disable the image cropping function, or restrict access to it to trusted users, until a fixed release is available. Where the function must stay enabled, validate boxId against a strict allow-list of expected identifiers and HTML-encode it on output so the parameter cannot break out of the context it is rendered into.
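The following is an added example, not code from RageFrame2 or from this advisory: it models in Python the pattern the description refers to (a request parameter such as boxId written raw into markup and into an inline script), places the hardened form beside it, and provides the reflection check a tester would run against a deployed instance. The markup, the allow-list pattern, the probe string and the example URL are all assumptions made for illustration.

```python
"""Reflected XSS via a request parameter such as boxId: a hypothetical
vulnerable render, its hardened counterpart, and a check for unencoded
reflection. Added example; the markup and parameter handling are assumed
and do not reproduce RageFrame2's real cropping page."""
import html
import json
import re
from urllib.parse import urlencode

# Assumption: legitimate boxId values are simple DOM identifiers such as
# "avatar-box", so anything else can be rejected outright.
BOX_ID_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_-]{0,63}$")

# Constructed probe: breaks out of a quoted attribute and is distinctive
# enough that a verbatim reflection is unambiguous to spot.
PROBE = '"><svg onload=alert(0x1)>'


def render_vulnerable(box_id: str) -> str:
    """Hypothetical vulnerable page: boxId is interpolated unencoded into an
    HTML attribute and into inline JavaScript, the pattern the advisory
    describes. Kept deliberately vulnerable for comparison."""
    return (
        '<div class="crop-box" id="%s"></div>\n'
        '<script>cropper.init("%s");</script>' % (box_id, box_id)
    )


def render_hardened(box_id: str) -> str:
    """Hardened rendering: allow-list validation first, then context-specific
    encoding (HTML-attribute escaping for the attribute, JSON encoding with
    '<' escaped for the inline script so '</script>' cannot appear)."""
    if not BOX_ID_RE.fullmatch(box_id):
        raise ValueError("invalid boxId")
    attr = html.escape(box_id, quote=True)
    js = json.dumps(box_id).replace("<", "\\u003c")
    return (
        '<div class="crop-box" id="%s"></div>\n'
        '<script>cropper.init(%s);</script>' % (attr, js)
    )


def reflects_unencoded(body: str, probe: str = PROBE) -> bool:
    """True when the probe appears verbatim in a response body. An escaped
    reflection (&quot;&gt;&lt;svg ...) is not a hit, so this separates raw
    reflection from safe output encoding."""
    return probe in body


def probe_url(base: str, box_id: str = PROBE) -> str:
    """Build the GET URL a tester would request; the base URL is supplied by
    the caller and is an assumption, not a path taken from the advisory."""
    return base + "?" + urlencode({"boxId": box_id})


if __name__ == "__main__":
    print(probe_url("https://example.invalid/crop"))
    print("vulnerable reflects raw:", reflects_unencoded(render_vulnerable(PROBE)))
    print("hardened page:", render_hardened("avatar-box"))
```

To check a real instance, fetch `probe_url(...)` for the cropping page and run `reflects_unencoded` over the response body; a verbatim hit means the parameter is still being emitted without encoding, while the hardened render both rejects the probe at validation and would encode it if validation were relaxed.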

Tags: XSS
Related Identifiers: CVE-2024-30879
Affected Products: Rageframe2