35 matches found
CVE-2020-24026
TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explainfirst and againexplain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scriptin...
EUVD-2020-16762
Malware in sbrugna...
EUVD-2022-39238
Malicious code in bioql PyPI...
CVE-2024-30880
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function...
CVE-2024-30883
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function...
CVE-2024-30879
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function...
CVE-2024-30878
A cross-site scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the uploaddrive parameter...
CVE-2022-36530
An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page...
CVE-2024-30883
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function...
CVE-2024-30878
A cross-site scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the uploaddrive parameter...
CVE-2024-30880
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function...
PT-2024-23652 · Unknown · Rageframe2
Name of the Vulnerable Software and Affected Versions: RageFrame2 version 2.6.43 Description: The issue allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function. This is...
RageFrame2 安全漏洞
rageframe2 is a rapid development application engine based on the Yii2 advanced framework by an individual developer in China, jianyan74. A security vulnerability exists in RageFrame2 version v2.6.43, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that could...
CVE-2024-30880
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function...
CVE-2024-30878
A cross-site scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the uploaddrive parameter...
RageFrame2 安全漏洞
rageframe2 is a rapid development application engine based on the Yii2 advanced framework by an individual developer in China, jianyan74. A security vulnerability exists in RageFrame2 version v2.6.43, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that could...
CVE-2024-30879
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function...
RageFrame2 安全漏洞
rageframe2 is a rapid development application engine based on the Yii2 advanced framework by an individual developer in China, Jianyan jianyan74. A security vulnerability exists in RageFrame2 version v2.6.43, which stems from the presence of a cross-site scripting XSS vulnerability that could all...
PT-2024-23651 · Unknown · Rageframe2
Name of the Vulnerable Software and Affected Versions: RageFrame2 version 2.6.43 Description: A cross-site scripting XSS issue allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload drive parameter...
CVE-2024-30879
RageFrame2 v2.6.43 is affected by a reflected Cross-Site Scripting (XSS) vulnerability. A crafted payload injected into the boxId parameter of the image cropping function can allow remote attackers to execute arbitrary web scripts or HTML and potentially access sensitive information. Public detai...