Summary
RageFrame2 2.6.43 has a reflective cross-site scripting (XSS) vulnerability. An attacker can execute malicious code in the admin's browser by inducing the admin to click on a link containing malicious code.
Details
RageFrame2 2.6.43 does not sufficiently filter multiple parameters, which allows an attacker to insert arbitrary HTML code by prematurely ending the ul tag with double quotes.
Proof of Concept (POC)
http(s)://your-ip/backend/file/selector?boxId=1&multiple=0&upload_drive=local%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&upload_type=images
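A mitigation sketch for the reflection described above, added here as an example and not taken from RageFrame2's code: it validates the selector parameters against an allowlist and encodes them for the context they are written into. The template shape (a `ul` attribute plus an inline script), the helper names, the allowlist entries other than `local` and `images`, and the PHP 8 requirement are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed allowlists: only "local" and "images" appear in the report.
const ALLOWED_DRIVES = ['local', 'example-cloud'];
const ALLOWED_TYPES  = ['images', 'example-files'];

/** Return the query value only if it is a string on the allowlist. */
function pickAllowed(array $query, string $key, array $allowed, string $default): string
{
    $value = $query[$key] ?? $default;
    // Arrays (?upload_drive[]=x) and unknown strings fall back to the default.
    return is_string($value) && in_array($value, $allowed, true) ? $value : $default;
}

/** Encode for an HTML attribute or text node: quotes cannot end the attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode for an inline script block: angle brackets, "&" and quotes become \uXXXX. */
function js(mixed $value): string
{
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

/** Hypothetical selector view: every reflected value is validated, then encoded. */
function renderSelector(array $query): string
{
    $boxId = $query['boxId'] ?? '';
    $boxId = is_string($boxId) && preg_match('/\A\w{1,32}\z/', $boxId) === 1 ? $boxId : '0';
    $config = [
        'boxId'    => $boxId,
        'multiple' => ($query['multiple'] ?? '0') === '1',
        'drive'    => pickAllowed($query, 'upload_drive', ALLOWED_DRIVES, 'local'),
        'type'     => pickAllowed($query, 'upload_type', ALLOWED_TYPES, 'images'),
    ];
    return sprintf("<ul id=\"box-%s\" data-drive=\"%s\"></ul>\n<script>var selector = %s;</script>\n",
        attr($boxId), attr($config['drive']), js($config));
}

// Query string taken from the report's proof of concept.
parse_str('boxId=1&multiple=0&upload_drive=local%3C/script%3E%3Cscript%3Ealert(document.cookie)'
    . '%3C/script%3E&upload_type=images', $poc);
echo renderSelector($poc);            // rejected value falls back to "local"
echo js($poc['upload_drive']), "\n";  // same value, encoding alone: no literal "</script>"
echo attr('1"><b>x</b>'), "\n";       // constructed attribute-breakout string, rendered inert
```

The allowlist and the encoding are independent layers: the encoders still apply to any parameter that has to remain free-form.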