Cross-site Scripting in file-upload-with-preview

This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded a user needs to be tricked into uploading such a file...

CVE-2021-23439

CVE-2021-23439 affects the file-upload-with-preview package prior to version 4.2.0. A file name containing malicious JavaScript can be uploaded when a user is tricked into uploading it, enabling cross-site scripting (XSS) in affected contexts. The issue arises from lack of proper validation/escap...

CVE-2021-23439 Cross-site Scripting (XSS)

This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded a user needs to be tricked into uploading such a file...

PT-2021-15525 · Unknown · File-Upload-With-Preview

Name of the Vulnerable Software and Affected Versions: file-upload-with-preview versions prior to 4.2.0 Description: The issue allows a file containing malicious JavaScript code in its name to be uploaded, but this requires a user to be tricked into uploading such a file. Recommendations: For...