Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-site Scripting (XSS)
Vulnerability Description
This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file).
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
file-upload-with-preview 跨站脚本漏洞
Vulnerability Description
file-upload-with-preview是一个简单的文件上传实用程序,显示上传图像的预览。用纯 JavaScript 编写。没有依赖性。适用于 Bootstrap 4 或不使用框架。 file-upload-with-preview 存在跨站脚本漏洞,该漏洞源于可以上传名称中包含恶意 JavaScript 代码的文件(需要诱使用户上传此类文件)。
CVSS Information
N/A
Vulnerability Type
N/A