4 matches found
CVE-2025-7066
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...
CVE-2025-7066
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...
CVE-2025-7066 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...
CVE-2025-7066
CVE-2025-7066 details a MIME-type check bypass in Jirafeau that could allow browser previews to misuse text/html via crafted MIME types (e.g., image/png,text/html). Connected documents extend this to CVE-2026-1466, describing a bypass via invalid MIME types (image) during preview, which triggers ...