Jirafeau: Security Vulnerabilities
The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross-site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside this image/svg+xml file will be executed in the user's browser.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2022-05-17
The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2018-07-07
An issue was discovered in Jirafeau before 3.4.1. The file "search by name" form is affected by one Cross-Site Scripting vulnerability via the name parameter.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-07-07
script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2018-07-07
A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused.
CVSS Score: 4.9 | EPSS Score: 0.001 | Published: 2018-07-06
An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-07-06
An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-07-06

