8 matches found
CVE-2026-1466
CVE-2026-1466 concerns Jirafeau, where the MIME-type based preview guard (image/* except image/svg+xml, plus video/audio) could be bypassed by sending a crafted request with an invalid MIME type (e.g., image). During preview, browsers may sniff the MIME type and detect SVG, potentially executing ...
Jirafeau cross-site scripting vulnerability
Jirafeau is a simple method for uploading files developed by Jérôme Jutteau. Jirafeau has a cross-site scripting vulnerability; this vulnerability arises from the ability to bypass preview restrictions by sending HTTP requests with invalid MIME types, potentially leading to cross-site scripting...
Linux Distros Unpatched Vulnerability : CVE-2023-32683
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist...
Jirafeau 跨站脚本漏洞
Jirafeau is a simple method of uploading files by the individual developer Jérôme Jutteau. Jirafeau suffers from a cross-site scripting vulnerability that stems from case-insensitive MIME type checking of SVG files, which allows bypassing browser preview restrictions by modifying the case of...
SUSE CVE-2023-32683
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...
PYSEC-2023-85
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...
Server side request forgery (ssrf)
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...
CVE-2023-2808
Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link...