mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-22 14:06:54 +02:00
0xMarcio
961 B
961 B
CVE-2018-11351
Description
script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter.
POC
Reference
Github
No PoCs found on GitHub currently.