CVE-2021-23562

This CVE affects the plupload package prior to v2.3.9. The vulnerability allows a file name containing JavaScript code to be uploaded and executed, requiring social engineering to entice a user to upload such a file. The root cause is insufficient validation of uploaded file names that may contai...