Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file will be executed in the users' browser.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jirafeau 跨站脚本漏洞
Vulnerability Description
Jirafeau是Jérôme Jutteau个人开发者的一种上传文件的简单方法。 Jirafeau 4.4.0之前版本存在安全漏洞,该漏洞源于默认启用的文件预览功能可被用于跨站点脚本。攻击者利用该漏洞上传包含 JavaScript 的 image/svg+xml 文件,当有人访问此文件的 URL 时,此 image/svg+xml 文件中的 JavaScript 将在用户的浏览器中执行。
CVSS Information
N/A
Vulnerability Type
N/A