Patrick Canterino

Name of the Vulnerable Software and Affected Versions: Jirafeau (affected versions not specified) Description: The issue concerns a MIME Type Bypass Cross-Site Scripting vulnerability in Jirafeau. Normally, Jirafeau prevents browser preview for text files to prevent potential cross-site scripting exploits, especially for files like SVG and HTML documents. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jirafeau (affected versions not specified) **Description** The issue concerns a case insensitive MIME type bypass that enables SVG XSS in Jirafeau. Normally, Jirafeau prevents browser preview for SVG files to prevent cross-site scripting exploitation. However, it was possible to bypass this protection by sending a manipulated MIME type during the upload, where the case of any letter in `image/svg+xml` had been changed. The check for `image/svg+xml` has been changed to be case insensitive to address this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.