exploitDog

CVE-2024-30879

Опубликовано: 11 апр. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function.

Ссылки

https://github.com/jianyan74/rageframe2/issues/114
Exploit
Issue Tracking
Third Party Advisory
https://github.com/jianyan74/rageframe2/issues/114
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rageframe:rageframe:2.6.43:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.0007

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-v7v6-3chw-vv8j

CVSS3: 6.1

github

почти 2 года назад

Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function.

EPSS

Процентиль: 21%

0.0007

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79