CVE-2020-9447

Опубликовано: 28 фев. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities like phishing or drive-by hacking.

Ссылки

https://github.com/manolo/gwtupload/issues/32
Exploit
Issue Tracking
Third Party Advisory
https://www.coresecurity.com/advisories/gwtupload-xss-file-upload-functionality
Exploit
Third Party Advisory
https://github.com/manolo/gwtupload/issues/32
Exploit
Issue Tracking
Third Party Advisory
https://www.coresecurity.com/advisories/gwtupload-xss-file-upload-functionality
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gwtupload_project:gwtupload:1.0.3:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00305

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-5chj-xprr-7qqx