CVE-2018-11351
Last modified
CVE-2018-11351 is a vulnerability of currently unknown severity. script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. EPSS estimates a 1.21% chance of exploitation in the next 30 days.
Description
script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jirafeau | Jirafeau | < 3.4.1 |
References
- https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/Exploit, Third Party Advisory
- https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-11351?
How severe is CVE-2018-11351?
How do I fix CVE-2018-11351?
Are you affected by CVE-2018-11351?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST