PT-2024-23654 · Unknown · Rageframe2
Hebing123 · Published 2024-04-11 · Updated 2024-08-01 · CVE-2024-30880
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
RageFrame2 version 2.6.43
Description
A Reflected Cross-Site Scripting (XSS) issue allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the "multiple" parameter in the image cropping function.
Recommendations
For RageFrame2 version 2.6.43, consider disabling the image cropping function until a patch is available to prevent exploitation of the Reflected Cross-Site Scripting (XSS) issue. Restrict access to the "multiple" parameter in the image cropping function to minimize the risk of sensitive information disclosure.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Rageframe2