1 results (0.000 seconds)
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30878
https://notcve.org/view.php?id=CVE-2024-30878
11 Apr 2024 — A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. Vulnerabilidad decross-site scripting (XSS) en RageFrame2 v2.6.43 permite a atacantes remotos ejecutar scripts web o HTML arbitrarios y obtener información confidencial a través de un payload manipulado inyectado en el parámetro upload_drive. • https://github.com/jianyan74/rageframe2/issues/111 • CWE-94: Improper Control of Generation of Code ('Code Injection') •