jianyan74/rageframe2

jianyan74/rageframe2

www.rageframe.com

Releases19

Frequency4 weeks 22 hours

Last Release about 6 years ago

Stars1.71K

一个基于 Yii2 高级框架的快速开发应用引擎

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-30878 ↗	Apr 11, 2024Thursday, 11 April 2024, 05:15	6.1 MEDIUM	—
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter.
CVE-2024-30879 ↗	Apr 11, 2024Thursday, 11 April 2024, 05:15	6.1 MEDIUM	—
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function.
CVE-2024-30880 ↗	Apr 11, 2024Thursday, 11 April 2024, 05:15	5.4 MEDIUM	—
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function.
CVE-2024-30883 ↗	Apr 11, 2024Thursday, 11 April 2024, 05:15	4.7 MEDIUM	—
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function.
CVE-2022-36530 ↗	Aug 16, 2022Tuesday, 16 August 2022, 13:15	6.1 MEDIUM	—
An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page.