Lucene search
PRIOn knowledge basePRION:CVE-2021-37504HistoryFeb 25, 2022 - 7:15 p.m.
Cross site scripting
2022-02-2519:15:00
PRIOn knowledge base
www.prio-n.com
3
0.002 Low
EPSS
Percentile
56.6%
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jquery_upload_file | eq | 4.0.11 |
References
hayageek.github.io/jQuery-Upload-File/4.0.11/jquery.uploadfile.min.js
hayageek.github.io/jQuery-Upload-File/4.0.11/uploadfile.css
haygeek.com
jquery-upload-file.com
ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
github.com/hayageek/jquery-upload-file/blob/master/js/jquery.uploadfile.js
raw.githubusercontent.com/hayageek/jquery-upload-file/master/js/jquery.uploadfile.js
Related
cve
cve
CVE-2021-37504
2022-02-25 19:15:12
cnvd
cnvd
Hayageek Jquery Upload File Cross-Site Scripting Vulnerability
2022-03-01 00:00:00
nvd
nvd
CVE-2021-37504
2022-02-25 19:15:12
osv
osv
jQuery-Upload-File XSS in fileNameStr
2022-02-26 00:00:39
cvelist
cvelist
CVE-2021-37504
2022-02-25 18:15:47
github
github
jQuery-Upload-File XSS in fileNameStr
2022-02-26 00:00:39