mojo42/Jirafeau
Releases18
Frequency6 months 3 weeks
Last Release
Stars274
Jirafeau: a simple way to upload a file
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 6.1 MEDIUM | 4.3 MEDIUM | ||
The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file will be executed in the users' browser. | |||