35 matches found
CVE-2024-30879
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function...
RageFrame2 安全漏洞
rageframe2 is a rapid development application engine based on the Yii2 advanced framework by an individual developer in China, jianyan74. A security vulnerability exists in RageFrame2 version v2.6.43, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that could...
PT-2024-23651 · Unknown · Rageframe2
Name of the Vulnerable Software and Affected Versions: RageFrame2 version 2.6.43 Description: A cross-site scripting XSS issue allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload drive parameter...
CVE-2022-36530
An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page...
CVE-2022-36530
An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page...
Code injection
An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page...
CVE-2022-36530
An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page...
CVE-2022-36530
An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page...
CVE-2022-36530
CVE-2022-36530 affects rageframe2 version 2.6.37, describing an XSS vulnerability in the user agent related parameters of the info.php page. The cited sources consistently indicate this is a cross-site scripting issue, but do not provide explicit exploit details, affected build ranges beyond 2.6....
rageframe2 跨站脚本漏洞
rageframe2 is a rapid development application engine based on the Yii2 Advanced Framework by the individual developer Jianyan74. A security vulnerability exists in rageframe2 version 2.6.37, which is caused by an XSS vulnerability in the user-agent related parameters of the info.php page...
PT-2022-23450 · Unknown · Rageframe2
Name of the Vulnerable Software and Affected Versions: rageframe2 version 2.6.37 Description: An issue was discovered in the user agent related parameters of the info.php page, specifically a XSS vulnerability. Recommendations: For rageframe2 version 2.6.37, consider restricting access to the...
CVE-2020-24026
TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explainfirst and againexplain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scriptin...
CVE-2020-24026
TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explainfirst and againexplain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scriptin...
CVE-2020-24026
TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explainfirst and againexplain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scriptin...
CVE-2020-24026
CVE-2020-24026 concerns TinyShop 1.2.0 (RageFrame2). The vulnerability is a stored XSS via the explain_first and again_explain parameters of /evaluate/index.php, allowing remote exploitation that can lead to XSS or information disclosure. All concrete details provided relate to TinyShop’s version...