Filtered by vendor Jirafeau
Total: 7 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-13407 | 1 Jirafeau | 1 Jirafeau | 2024-09-17 | N/A |
A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused. | ||||
CVE-2018-13408 | 1 Jirafeau | 1 Jirafeau | 2024-09-17 | N/A |
An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | ||||
CVE-2018-13409 | 1 Jirafeau | 1 Jirafeau | 2024-09-16 | N/A |
An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | ||||
CVE-2018-11351 | 1 Jirafeau | 1 Jirafeau | 2024-08-05 | N/A |
script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter. | ||||
CVE-2018-11350 | 1 Jirafeau | 1 Jirafeau | 2024-08-05 | N/A |
An issue was discovered in Jirafeau before 3.4.1. The file "search by name" form is affected by one Cross-Site Scripting vulnerability via the name parameter. | ||||
CVE-2018-11349 | 1 Jirafeau | 1 Jirafeau | 2024-08-05 | N/A |
The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link. | ||||
CVE-2022-30110 | 1 Jirafeau | 1 Jirafeau | 2024-08-03 | 6.1 Medium |
The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file will be executed in the user's browser. | ||||