Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jirafeau 跨站脚本漏洞
Vulnerability Description
Jirafeau是一套文件共享网站系统。 Jirafeau 3.4.1之前版本中的script.php文件存在跨站脚本漏洞。远程攻击者可借助‘Content-Type’和‘filename’参数利用该漏洞执行JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A