CVE-2020-9447
N/A
N/A
Summary
There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities like phishing or drive-by hacking.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/manolo/gwtupload/issues/32
- https://www.coresecurity.com/advisories/gwtupload-xss-file-upload-functionality
References
- https://github.com/manolo/gwtupload/issues/32
- https://www.coresecurity.com/advisories/gwtupload-xss-file-upload-functionality
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.