The parameter for adding a new subject in the view book list function of Tad Uploader does not filter special characters. Unauthenticated remote attackers can inject JavaScript and carry out stored XSS attacks.

CPE

Name | Operator | Version |
---|---|---|
tad_uploader | lt | 3.5.4 |