Total: 7 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-30110 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross-site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside this image/svg+xml file will be executed in the user's browser. | |||||
CVE-2018-13409 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | |||||
CVE-2018-13408 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | |||||
CVE-2018-13407 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused. | |||||
CVE-2018-11351 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter. | |||||
CVE-2018-11350 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Jirafeau before 3.4.1. The file "search by name" form is affected by one Cross-Site Scripting vulnerability via the name parameter. | |||||
CVE-2018-11349 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link. | |||||