Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-site Scripting (XSS)
Vulnerability Description
This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
PekeUpload 跨站脚本漏洞
Vulnerability Description
PekeUpload是哥伦比亚Pedro Molina个人开发者的一个 Jquery Html5 文件上传插件。 pekeUpload存在跨站脚本漏洞,该漏洞的存在是由于对用户提供的数据没有进行充分的清理。远程攻击者可利用该漏洞可以诱骗受害者遵循一个特别制作的链接,并在用户的浏览器中执行任意的HTML和脚本代码,在易受攻击的网站。公开的漏洞允许远程攻击者可利用该漏洞执行跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A