3 matches found
CVE-2022-30110
The file preview functionality in Jirafeau 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file...
CVE-2022-30110
The file preview functionality in Jirafeau 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file...
CVE-2022-30110
CVE-2022-30110 affects Jirafeau prior to version 4.4.0, where the File Preview feature (enabled by default) can execute injected JavaScript when an attacker uploads image/svg+xml files and a user visits the File Preview URL. This constitutes a cross-site scripting vector via preview rendering. Th...