Lucene search
China National Vulnerability DatabaseCNVD-2021-101158HistoryNov 04, 2021 - 12:00 a.m.
pekeUpload cross-site scripting vulnerability
2021-11-0400:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
pekeupload
jquery
html5
cross-site scripting
vulnerability
pedro molina
colombia
remote attacker
user-supplied data
html
script code
browser
website
cnvd
EPSS
0.001
Percentile
40.8%
PekeUpload is a Jquery Html5 file upload plugin from the personal developer Pedro Molina in Colombia. pekeUpload suffers from a cross-site scripting vulnerability that exists due to insufficient cleanup of user-supplied data. A remote attacker could exploit the vulnerability to be able to trick a victim into following a specially crafted link and execute arbitrary HTML and script code in the user’s browser on a vulnerable website. A remote attacker can use the vulnerability to execute cross-site scripting attacks.
Related
prion
prion
Design/Logic Flaw
2021-11-22 17:15:00
osv
osv
Cross-site Scripting in pekeupload
2021-12-02 17:52:26
cvelist
cvelist
CVE-2021-23673 Cross-site Scripting (XSS)
2021-11-22 17:00:22
cve
cve
CVE-2021-23673
2021-11-22 17:15:08
veracode
veracode
Cross-site Scripting (XSS)
2021-11-23 03:58:17
github
github
Cross-site Scripting in pekeupload
2021-12-02 17:52:26
nvd
nvd
CVE-2021-23673
2021-11-22 17:15:08