Jirafeau
by Mojo42
CVEs (10)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-1466 | 0.00 | — | 0.00 | Jan 28, 2026 | Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with… |
| CVE-2025-7066 | 0.00 | — | 0.00 | Jul 4, 2025 | Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with… |
| CVE-2024-12326 | 0.00 | — | 0.00 | Dec 6, 2024 | Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was… |
| CVE-2022-30110 | 0.00 | — | 0.01 | May 17, 2022 | The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this… |
| CVE-2018-11351 | 0.00 | — | 0.01 | Jul 7, 2018 | script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These… |
| CVE-2018-11349 | 0.00 | — | 0.01 | Jul 7, 2018 | The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link. |
| CVE-2018-11350 | 0.00 | — | 0.01 | Jul 7, 2018 | An issue was discovered in Jirafeau before 3.4.1. The file "search by name" form is affected by one Cross-Site Scripting vulnerability via the name parameter. |
| CVE-2018-13408 | 0.00 | — | 0.01 | Jul 6, 2018 | An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. |
| CVE-2018-13407 | 0.00 | — | 0.00 | Jul 6, 2018 | A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused. |
| CVE-2018-13409 | 0.00 | — | 0.01 | Jul 6, 2018 | An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. |