Rageframe

rageframe

5 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-30883 1Rageframe 1Rageframe Jun 17, 2026 Apr 11, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRa...Show more Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function.Show less
CVE-2024-30880 1Rageframe 1Rageframe Jun 17, 2026 Apr 11, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple...Show more Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function.Show less
CVE-2024-30879 1Rageframe 1Rageframe Jun 17, 2026 Apr 11, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId pa...Show more Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function.Show less
CVE-2024-30878 1Rageframe 1Rageframe Jun 17, 2026 Apr 11, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive par...Show more A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter.Show less
CVE-2022-36530 1Rageframe 1Rageframe Jun 17, 2026 Aug 16, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page.