Описание
Cross-site Scripting in GwtUpload
The file-upload feature in GwtUpload 1.0.3 allows XSS via a crafted filename.
Пакеты
Наименование
com.googlecode.gwtupload:gwtupload
maven
Затронутые версииВерсия исправления
<= 1.0.3
Отсутствует
Связанные уязвимости
CVSS3: 6.1
nvd
почти 6 лет назад
There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities like phishing or drive-by hacking.