Moderate severityGHSA Advisory· Published Nov 22, 2021· Updated Sep 17, 2024

Cross-site Scripting (XSS)

CVE-2021-23673

Description

This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
pekeuploadnpm	<= 2.1.1	—

Affected products

Moxiecode/PluploadGHSA
Range: <= 2.1.1
ghsa-coords
pkg:npm/pekeupload
Range: <= 2.1.1

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-89q5-mj78-pw5wghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-23673ghsaADVISORY
github.com/moxiecode/plupload/blob/120cc0b5dd3373d7181fd11b06ac2557c890d3f0/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226ghsax_refsource_MISCWEB
snyk.io/vuln/SNYK-JS-PEKEUPLOAD-1584360ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000