Summary
RageFrame2 2.6.43 has a reflective cross-site scripting (XSS) vulnerability. An attacker can execute malicious code in the admin's browser by inducing the admin to click on a link containing malicious code.
Details
RageFrame2 2.6.43 does not sufficiently filter the boxId parameter, allowing an attacker to insert arbitrary HTML code by prematurely ending the script tag with a closing </script> tag.
Proof of Concept (POC)
http://your-ip/backend/file/selector?boxId=1</script><script>alert(%27test%27)</script>&multiple=0&upload_drive=local&upload_type=images
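Added example, not RageFrame2's own code: the report does not show the view that echoes boxId, so the PHP below uses a hypothetical renderer to contrast the unsafe pattern described above with a hardened one. The function names and the allow-list format for boxId are assumptions.

```php
<?php
// Illustrative only: hypothetical view helpers, not taken from RageFrame2.

// Unsafe pattern: the request value is concatenated into an inline script.
// The HTML parser closes the script element at the first "</script>" it
// sees, even inside a JavaScript string literal, so the rest of the value
// is parsed as markup.
function renderUnsafe(string $boxId): string
{
    return "<script>var boxId = '" . $boxId . "';</script>";
}

// Hardened pattern: emit the value as a JSON literal with <, >, &, ' and "
// hex-escaped, so no "</script>" sequence can appear inside the block.
// JSON_THROW_ON_ERROR needs PHP 7.3 or later.
function renderSafe(string $boxId): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    return '<script>var boxId = ' . json_encode($boxId, $flags) . ';</script>';
}

// Defence in depth: reject values that do not look like an identifier.
// The accepted format is an assumption; adjust it to the real one.
function isValidBoxId(string $boxId): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $boxId) === 1;
}

// Counts script end tags; a correctly rendered block contains exactly one.
function scriptEndTags(string $html): int
{
    return substr_count(strtolower($html), '</script');
}

// The boxId value from the proof of concept above, URL-decoded.
$value = "1</script><script>alert('test')</script>";

printf("unsafe end tags: %d\n", scriptEndTags(renderUnsafe($value)));
printf("safe end tags:   %d\n", scriptEndTags(renderSafe($value)));
printf("passes allow-list: %s\n", isValidBoxId($value) ? 'yes' : 'no');
echo renderSafe($value), "\n";
```

In a Yii2 view, yii\helpers\Json::htmlEncode() applies the same hex-escaping flags.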