Описание
Cross-site Scripting in Jirafeau
The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file will be executed in the users' browser.
Пакеты
Наименование
mojo42/jirafeau
composer
Затронутые версииВерсия исправления
< 4.4.0
4.4.0
Связанные уязвимости
CVSS3: 6.1
nvd
больше 3 лет назад
The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file will be executed in the users' browser.