npm package
jquery-file-upload
pkg:npm/jquery-file-upload
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-37504 | — | <= 4.0.11 | — | Feb 25, 2022 | A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name. | ||
| CVE-2018-9207 | — | < 4.0.5 | 4.0.5 | Nov 19, 2018 | Arbitrary file upload in jQuery Upload File <= 4.0.2 |
- CVE-2021-37504Feb 25, 2022affected <= 4.0.11
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name.
- CVE-2018-9207Nov 19, 2018affected < 4.0.5fixed 4.0.5
Arbitrary file upload in jQuery Upload File <= 4.0.2