CVE-2020-9447

Published: Feb 28, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities like phishing or drive-by hacking.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/manolo/gwtupload/issues/32

x_refsource_MISC

https://www.coresecurity.com/advisories/gwtupload-xss-file-upload-functionality

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-9447

Description

Affected Products

References