PekeUpload is a Jquery Html5 file upload plugin from the personal developer Pedro Molina in Colombia. pekeUpload suffers from a cross-site scripting vulnerability that exists due to insufficient cleanup of user-supplied data. A remote attacker could exploit the vulnerability to be able to trick a victim into following a specially crafted link and execute arbitrary HTML and script code in the user’s browser on a vulnerable website. A remote attacker can use the vulnerability to execute cross-site scripting attacks.