2 matches found
CVE-2020-9447
GWTUpload 1.0.3 is affected by an XSS in the file-upload filename; an attacker can upload a file with a malicious filename to trigger script execution. The issue stems from insufficient sanitization during upload, enabling data theft or UI manipulation. CoreLabs advisory notes patches to sanitize...
CVE-2020-13128
An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, leading to denial of service.