pekeupload@2.1.1 vulnerabilities
jQuery html5 file uploader plugin
-
latest version
2.1.1
-
first published
9 years ago
-
latest version published
8 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the pekeupload package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
pekeupload is a jQuery plugin that allows you to easily add multiple or single file upload functionality to your website. This plugin uses html5 only. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed. PoC
How to fix Cross-site Scripting (XSS)? There is no fixed version for |
*
|