
197 matches found

Cvelist
added 2022/05/17 1:14 p.m. · 19 views

CVE-2022-30110

The file preview functionality in Jirafeau 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file...

AI score 6.1 · EPSS 0.00535
Exploits 0 · References 1

CVE
added 2022/05/17 1:14 p.m. · 99 views

CVE-2022-30110

CVE-2022-30110 affects Jirafeau prior to version 4.4.0, where the File Preview feature (enabled by default) can execute injected JavaScript when an attacker uploads image/svg+xml files and a user visits the File Preview URL. This constitutes a cross-site scripting vector via preview rendering. Th...

CVSS 6.1 · AI score 5.9 · EPSS 0.00535
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2022/05/17 12:00 a.m. · 3 views

Jirafeau Cross-Site Scripting Vulnerability

Jirafeau is an easy way to upload files by the individual developer Jérôme Jutteau. A security vulnerability exists in Jirafeau versions prior to 4.4.0, which stems from a file preview feature enabled by default that can be used for cross-site scripting. An attacker could use this vulnerability t...

CVSS 6.1 · AI score 5.6 · EPSS 0.00535
Exploits 0 · References 2

Fedora
added 2021/03/20 12:21 a.m. · 71 views

[SECURITY] Fedora 34 Update: nautilus-40~rc-1.fc34

Nautilus is the file manager and graphical shell for the GNOME desktop that makes it easy to manage your files and the rest of your system. It allows you to browse directories on local and remote filesystems, preview files and launch applications associated with them. It is also responsible for...

CVSS 5.5 · AI score 2.4 · EPSS 0.00639
Exploits 1

OSV
added 2020/12/08 9:15 p.m. · 0 views

CVE-2020-27900

An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to preview files it does not have access to...

CVSS 5.5 · AI score 6.7
Exploits 0 · References 2

CNVD
added 2020/10/10 12:00 a.m. · 8 views

GitLab Cross-Site Scripting Vulnerability (CNVD-2021-26076)

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. A cross-site scripting vulnerability exists in the SVG file preview in GitLab, which can be exploit...

CVSS 6.5 · AI score 6 · EPSS 0.00813
Exploits 0 · References 1

NVD
added 2020/10/08 2:15 p.m. · 12 views

CVE-2020-13339

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted...

CVSS 6.5 · EPSS 0.00813
Exploits 0 · References 3

OSV
added 2020/10/08 2:15 p.m. · 20 views

CVE-2020-13339

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted...

CVSS 6.5 · AI score 5.7 · EPSS 0.00813
Exploits 0 · References 3

UbuntuCve
added 2020/10/08 2:15 p.m. · 16 views

CVE-2020-13339

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted...

CVSS 6.5 · AI score 6.5 · EPSS 0.00813
Exploits 0 · References 4

Prion
added 2020/10/08 2:15 p.m. · 13 views

Code injection

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted...

CVSS 6 · AI score 6 · EPSS 0.00813
Exploits 0 · References 3 · Affected Software 1

CVE
added 2020/10/08 1:51 p.m. · 65 views

CVE-2020-13339

GitLab CVE-2020-13339 affects all versions before 13.2.10, 13.3.7 and 13.4.2 with an XSS issue in the SVG File Preview. The vulnerability target is GitLab’s SVG preview rendering, and overall impact is limited because only the current user is affected. Connected sources reiterate the same affecte...

CVSS 6.5 · AI score 5.9 · EPSS 0.00813
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2020/10/08 1:51 p.m. · 16 views

CVE-2020-13339

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted...

CVSS 5.5 · AI score 6 · EPSS 0.00813
Exploits 0 · References 3

Debian CVE
added 2020/10/08 1:51 p.m. · 18 views

CVE-2020-13339

Removed by vendor...

CVSS 6.5 · AI score 6.6 · EPSS 0.00813
Exploits 0

Positive Technologies
added 2020/10/08 12:00 a.m. · 2 views

PT-2020-13480 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10; GitLab versions prior to 13.3.7; GitLab versions prior to 13.4.2. Description: An issue has been discovered in GitLab, where there is an XSS in SVG File Preview. The overall impact is limited, as only the curren...

CVSS 6.5 · AI score 6.1 · EPSS 0.00813
Exploits 0 · References 10

NVD
added 2020/06/19 8:15 p.m. · 13 views

CVE-2016-11063

An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview...

CVSS 6.1 · EPSS 0.00685
Exploits 0 · References 1

OSV
added 2020/06/19 8:15 p.m. · 14 views

CVE-2016-11063

An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview...

CVSS 6.1 · AI score 6
Exploits 0 · References 1

Prion
added 2020/06/19 8:15 p.m. · 15 views

Design/Logic Flaw

An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview...

CVSS 4.3 · AI score 6.2 · EPSS 0.00685
Exploits 0 · References 1 · Affected Software 1

OSV
added 2019/05/31 10:29 p.m. · 17 views

CVE-2019-10047

A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by leveraging the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards a file preview URL can be use...

CVSS 5.4 · AI score 5.5
Exploits 0 · References 1

Prion
added 2019/05/31 10:29 p.m. · 17 views

Cross site scripting

A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by leveraging the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards a file preview URL can be use...

CVSS 3.5 · AI score 5 · EPSS 0.00675
Exploits 3 · References 1 · Affected Software 1

CVE
added 2019/05/31 9:13 p.m. · 280 views

CVE-2019-10047

CVE-2019-10047 is a stored XSS vulnerability in Pydio Core ≤ 8.2.2, exploitable via the file upload and file preview features of the web application. An authenticated attacker can upload an HTML file containing JavaScript and a subsequent file-preview URL can render that file, causing the script ...

CVSS 5.4 · AI score 5.3 · EPSS 0.00675
Exploits 3 · References 1 · Affected Software 1