9 matches found
EUVD-2018-5352
Malware in sbrugna...
EUVD-2018-3387
Malware in sbrugna...
EUVD-2018-5351
Malware in sbrugna...
EUVD-2022-4263
Malicious code in bioql PyPI...
PT-2025-27947
Name of the Vulnerable Software and Affected Versions: Jirafeau affected versions not specified Description: The issue concerns a MIME Type Bypass Cross-Site Scripting vulnerability in Jirafeau. Normally, Jirafeau prevents browser preview for text files to prevent potential cross-site scripting...
CVE-2022-30110
The file preview functionality in Jirafeau 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file...
CVE-2018-13409
An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges...
CVE-2018-13408
An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges...
Cross-site Scripting (XSS)
Overview mojo42/jirafeau is a provides a simple way to upload a file. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the manipulation of MIME types during the upload process. An attacker can execute scripts in the context of the user's browser session. Details...