6 matches found
CVE-2021-23562
creationtimestamp| type| source ---|---|--- 2021-12-03 22:38:15+00:00| seen| https://t.me/cibsecurity/33340 2025-10-31 21:02:39+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m4jerlxiuw2w...
CVE-2021-23562
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file...
CVE-2021-23562
This CVE affects the plupload package prior to v2.3.9. The vulnerability allows a file name containing JavaScript code to be uploaded and executed, requiring social engineering to entice a user to upload such a file. The root cause is insufficient validation of uploaded file names that may contai...
CVE-2021-23562 Arbitrary File Upload
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file...
@gdyfe/tools (>=1.0.0 <=1.0.10), icetest-test (=1.0.1) +6 more potentially affected by CVE-2021-23562 via plupload (>=2.3.2 <=2.3.6)
plupload NPM version =2.3.2, =1.0.0, =1.0.1, =1.0.0, =0.0.28, =0.2.4, =1.0.5, =0.0.0, =0.0.37 Source cves: CVE-2021-23562 Source advisory: SNYK:JS-PLUPLOAD-1583909...
VulnCheck KEV: CVE-2021-23562
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file...