Jirafeau

Jirafeau

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2026-1466

  • EPSS 0.01%
  • Veröffentlicht 28.01.2026 06:33:15
  • Zuletzt bearbeitet 12.02.2026 20:43:24

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview f...

6.1

CVE-2025-7066

  • EPSS 0.02%
  • Veröffentlicht 04.07.2025 12:15:35
  • Zuletzt bearbeitet 14.08.2025 14:00:20

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview f...

6.1

CVE-2024-12326

  • EPSS 0.09%
  • Veröffentlicht 06.12.2024 21:15:05
  • Zuletzt bearbeitet 05.08.2025 17:49:09

Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type ...

6.1

CVE-2022-30110

  • EPSS 0.14%
  • Veröffentlicht 17.05.2022 14:15:08
  • Zuletzt bearbeitet 21.11.2024 07:02:10

The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, ...

8.8

CVE-2018-11349

Exploit
  • EPSS 0.17%
  • Veröffentlicht 07.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:11

The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link.

6.1

CVE-2018-11350

Exploit
  • EPSS 0.35%
  • Veröffentlicht 07.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:11

An issue was discovered in Jirafeau before 3.4.1. The file "search by name" form is affected by one Cross-Site Scripting vulnerability via the name parameter.

6.1

CVE-2018-11351

Exploit
  • EPSS 0.26%
  • Veröffentlicht 07.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:11

script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or...

5.5

CVE-2018-13407

Exploit
  • EPSS 0.15%
  • Veröffentlicht 06.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:47:02

A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused.

6.1

CVE-2018-13408

Exploit
  • EPSS 0.33%
  • Veröffentlicht 06.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:47:03

An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.

6.1

CVE-2018-13409

Exploit
  • EPSS 0.33%
  • Veröffentlicht 06.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:47:03

An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.