CVE-2018-11351
NONE EPSS 64.7%
Published Jul 7, 20187y ago · Modified Jun 17, 20262w ago
Published Jul 7, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
Description
script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter.
Threat Intelligence
EPSS Exploit Probability
64.7% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| jirafeau | jirafeau | * | <3.4.1 |
References 1
- bishopfox.com https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.