Hayageek Jquery Upload File vulnerabilities
2 known vulnerabilities affecting hayageek/jquery_upload_file.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2018-9207P2CRITICALCVSS 9.8≤ 4.0.2≥ unspecified, ≤ 4.0.22018-11-19
CVE-2018-9207 [CRITICAL] CWE-434 CVE-2018-9207: Arbitrary file upload in jQuery Upload File <= 4.0.2
Arbitrary file upload in jQuery Upload File <= 4.0.2
nvd
CVE-2021-37504P4MEDIUMCVSS 6.1v4.0.112022-02-25
CVE-2021-37504 [MEDIUM] CWE-79 CVE-2021-37504: A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.1
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name.
nvd