CVE-2024-30878

A cross-site scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the uploaddrive parameter...

CVE-2024-30880

Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function...

PT-2024-23652 · Unknown · Rageframe2

Name of the Vulnerable Software and Affected Versions: RageFrame2 version 2.6.43 Description: The issue allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function. This is...

RageFrame2 安全漏洞

rageframe2 is a rapid development application engine based on the Yii2 advanced framework by an individual developer in China, jianyan74. A security vulnerability exists in RageFrame2 version v2.6.43, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that could...

RageFrame2 安全漏洞

rageframe2 is a rapid development application engine based on the Yii2 advanced framework by an individual developer in China, jianyan74. A security vulnerability exists in RageFrame2 version v2.6.43, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that could...

PT-2023-23867 · Unknown · Chatwork Desktop Application

Name of the Vulnerable Software and Affected Versions: Chatwork Desktop Application Mac versions 2.6.43 and earlier Description: A code injection issue exists, allowing a non-administrative user of the Mac where the product is installed to store and obtain audio and image data from the product...