Vulnerabilities (CVE)

Filtered by vendor Jirafeau Subscribe
Filtered by product Jirafeau
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30110 1 Jirafeau 1 Jirafeau 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file will be executed in the users' browser.
CVE-2018-11350 1 Jirafeau 1 Jirafeau 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Jirafeau before 3.4.1. The file "search by name" form is affected by one Cross-Site Scripting vulnerability via the name parameter.
CVE-2018-11349 1 Jirafeau 1 Jirafeau 2024-02-04 6.8 MEDIUM 8.8 HIGH
The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link.
CVE-2018-13407 1 Jirafeau 1 Jirafeau 2024-02-04 5.5 MEDIUM 4.9 MEDIUM
A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused.
CVE-2018-13408 1 Jirafeau 1 Jirafeau 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.
CVE-2018-11351 1 Jirafeau 1 Jirafeau 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter.
CVE-2018-13409 1 Jirafeau 1 Jirafeau 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.