CVE-2025-7066

{"id": "CVE-2025-7066", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-07-04T12:15:35.740", "references": [{"url": "https://gitlab.com/jirafeau/Jirafeau/-/commit/79464ec6276e8eb0e0b0ad597db02b85080d2b63", "tags": ["Patch"], "source": "cve@gitlab.com"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2022-30110", "tags": ["Third Party Advisory"], "source": "cve@gitlab.com"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2024-12326", "tags": ["Third Party Advisory"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image (except for image/svg+xml, see CVE-2022-30110 and CVE-2024-12326), video and audio. However, it was possible to bypass this check by sending a manipulated MIME type containing a comma and an other MIME type like text/html (for example image/png,text/html). Browsers see multiple MIME types and text/html would takes precedence, allowing a possible attacker to do a cross-site scripting attack. The check for MIME types was enhanced to prevent a browser preview when the stored MIME type contains a comma."}, {"lang": "es", "value": "Jirafeau normalmente impide la vista previa del navegador para archivos de texto debido a la posibilidad de que, por ejemplo, documentos SVG y HTML pudieran ser explotados para ataques de cross site scripting. Esto se lograba almacenando el tipo MIME de un archivo y permitiendo solo la vista previa del navegador para tipos MIME que empiezan por imagen (excepto para image/svg+xml, v\u00e9anse CVE-2022-30110 y CVE-2024-12326), v\u00eddeo y audio. Sin embargo, era posible omitir esta comprobaci\u00f3n enviando un tipo MIME manipulado que conten\u00eda una coma y otro tipo MIME como text/html (por ejemplo, image/png,text/html). Los navegadores ven m\u00faltiples tipos MIME y text/html tendr\u00eda prioridad, lo que permitir\u00eda a un posible atacante realizar un ataque de cross site scripting. La comprobaci\u00f3n de tipos MIME se mejor\u00f3 para evitar la vista previa del navegador cuando el tipo MIME almacenado contiene una coma."}], "lastModified": "2025-08-14T14:00:20.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jirafeau:jirafeau:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "889B7727-FB6E-484A-B66F-490BDD78D17A", "versionEndExcluding": "4.6.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}