Vulnerabilities

CVE-2021-23562

by Fred · 03/12/2021

This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.

Date published : 2021-12-03

https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226

https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb

Similar

Tags: Cybersecurity Alert