CVE-2021-23673

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in npm/plupload

Identifiers

CVE-2021-23673

Package Slug

npm/plupload

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed.

Affected Versions

All versions

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-11-25

source