Open
Description
Summary
RageFrame2 2.6.43 has a reflective cross-site scripting (XSS) vulnerability. An attacker can execute malicious code in the admin's browser by inducing the admin to click on a link containing malicious code.
Details
RageFrame2 2.6.43 does not sufficiently filter the upload_drive parameter, allowing an attacker to insert arbitrary html code by prematurely ending the script tag with the </script> closing.
Proof of Concept (POC)
http(s)://your-ip/backend/file/selector?boxId=1&multiple=0&upload_drive=local%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&upload_type=images

Metadata
Metadata
Assignees
Labels
No labels