CVE-2026-33653 Uploady Vulnerable to Stored Cross-Site Scripting (XSS)

Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScri...

CVE-2026-33653

Uploady is vulnerable to a stored XSS in versions before 3.1.2 due to improper sanitization of filenames during upload. A malicious filename can execute JavaScript when displayed in the file list or details page. The issue is fixed in version 3.1.2. The available connected documents confirm the a...

CVE-2026-33653 Uploady Vulnerable to Stored Cross-Site Scripting (XSS)

Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScri...

Uploady 跨站脚本漏洞

Uploady is a modern secure file upload script developed by Faris AL-Otaibi, designed to support multiple file uploads. Versions of Uploady prior to 3.1.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper filename cleaning during the file upload process, whic...

react-uploady 安全漏洞

react-uploady is an upload component of rpldy open source. A security vulnerability exists in react-uploady v1.8.1, which stems from the lib.createUploader function containing a prototype contamination vulnerability...