Yann Cam

#8757of 53,635
31.2Total CVSS
Vulnerabilities · 5
Medium
4
High
1
PT-2026-5062
6.1
2026-01-28
Jirafeau · Jirafeau · CVE-2026-1466
CVE-2026-1466 Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. Th… https://t.co/rSEVfvxJRR
PT-2025-29557
8.7
2025-07-15
Ipfire · Ipfire · CVE-2025-34116
**Name of the Vulnerable Software and Affected Versions** IPFire versions prior to 2.19 Core Update 101 **Description** A remote command execution issue exists in IPFire due to a flaw in the `proxy.cgi` CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, resulting in command execution with web server privileges. **Recommendations** Update to version 2.19 Core Update 101 or later.
PT-2025-27947
6.1
2025-07-04
Jirafeau · Jirafeau · CVE-2025-7066
Name of the Vulnerable Software and Affected Versions: Jirafeau (affected versions not specified) Description: The issue concerns a MIME Type Bypass Cross-Site Scripting vulnerability in Jirafeau. Normally, Jirafeau prevents browser preview for text files to prevent potential cross-site scripting exploits, especially for files like SVG and HTML documents. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-17544
6.1
2024-12-06
Jirafeau · Jirafeau · CVE-2024-12326
**Name of the Vulnerable Software and Affected Versions** Jirafeau (affected versions not specified) **Description** The issue concerns a case insensitive MIME type bypass that enables SVG XSS in Jirafeau. Normally, Jirafeau prevents browser preview for SVG files to prevent cross-site scripting exploitation. However, it was possible to bypass this protection by sending a manipulated MIME type during the upload, where the case of any letter in `image/svg+xml` had been changed. The check for `image/svg+xml` has been changed to be case insensitive to address this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-24310
4.2
2024-07-15
Stormshield · Stormshield Network Security · CVE-2024-31946
**Name of the Vulnerable Software and Affected Versions** Stormshield Network Security (SNS) versions 3.7.0 through 3.7.41 Stormshield Network Security (SNS) versions 3.10.0 through 3.11.29 Stormshield Network Security (SNS) versions 4.0 through 4.3.24 Stormshield Network Security (SNS) versions 4.4.0 through 4.7.4 **Description** A user with write access to the email alerts page in Stormshield Network Security (SNS) can create an alert email containing malicious JavaScript. This malicious JavaScript is executed by the template preview. **Recommendations** For versions 3.7.0 through 3.7.41, update to version 3.7.42 to resolve the issue. For versions 3.10.0 through 3.11.29, update to version 3.11.30 to resolve the issue. For versions 4.0 through 4.3.24, update to version 4.3.25 to resolve the issue. For versions 4.4.0 through 4.7.4, update to version 4.7.5 to resolve the issue.