Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/07/06 12:18 p.m.7 views

CVE-2025-7066

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...

6.1CVSS5.7AI score0.00566EPSS
Exploits0References1
NVD
NVD
added 2025/07/04 12:15 p.m.10 views

CVE-2025-7066

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...

6.1CVSS0.0026EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/04 12:2 p.m.9 views

CVE-2025-7066 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...

6.1CVSS0.0026EPSS
Exploits0References3
CVE
CVE
added 2025/07/04 12:2 p.m.21 views

CVE-2025-7066

CVE-2025-7066 details a MIME-type check bypass in Jirafeau that could allow browser previews to misuse text/html via crafted MIME types (e.g., image/png,text/html). Connected documents extend this to CVE-2026-1466, describing a bypass via invalid MIME types (image) during preview, which triggers ...

6.1CVSS5.7AI score0.0026EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder