1 results (0.002 seconds)
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23562 – Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2021-23562
03 Dec 2021 — This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file. Esto afecta al paquete plupload versiones anteriores a 2.3.9. Un nombre de archivo que contenga código JavaScript podría ser cargado y ejecutado. • https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226 • CWE-434: Unrestricted Upload of File with Dangerous Type •