jQuery-Upload-File XSS in fileNameStr · CVE-2021

2022年2月25日 — A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary ...

The issue arises due to the lack of file validation and exclusion of file types. As a result, attackers can upload a malicious file with a disguised extension, ...

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions ...

The CVE-2018-9207 vulnerability in the jquery-file-upload package allows for arbitrary file uploads with dangerous types, posing a significant risk of remote ...

沒有這個頁面的資訊。

2018年12月13日 — Article explains jQuery-File-Upload RCE, IDOR and Unauthenticated file upload vulnerabilities, code examples and a proof of concept video.

2022年11月28日 — This vulnerability allows attackers to upload and execute files on your server if exploited. Those files could be backdoors, web shells, or anything malicious.

2018年10月11日 — jQuery-File-Upload 9.22.0 - Arbitrary File Upload. CVE-2018-9206 . webapps exploit for PHP platform.

jQuery Upload File plugin provides Multiple file Uploads with progress bar. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, ...

2018年10月25日 — CVE-2018-9206 · OWASP - Unrestricted File Upload. Open redirect vulnerability in the GAE components. Fixed: 2015-06-12 (GMT). The sample Google ...