CVE-2024-12326

Name of the Vulnerable Software and Affected Versions Jirafeau (affected versions not specified)

Description The issue concerns a case insensitive MIME type bypass that enables SVG XSS in Jirafeau. Normally, Jirafeau prevents browser preview for SVG files to prevent cross-site scripting exploitation. However, it was possible to bypass this protection by sending a manipulated MIME type during the upload, where the case of any letter in image/svg+xml had been changed. The check for image/svg+xml has been changed to be case insensitive to address this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.