Uploady
Monthly
Stored XSS in Uploady file uploader (farisc0de/Uploady versions prior to 3.1.2) allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by uploading files with malicious filenames that are rendered without proper escaping in file list and details pages. The vulnerability requires user interaction (viewing the affected page) and authenticated access, resulting in confidentiality and integrity impact with a CVSS score of 4.6. Vendor-released patch version 3.1.2 is available.
Stored XSS in Uploady file uploader (farisc0de/Uploady versions prior to 3.1.2) allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by uploading files with malicious filenames that are rendered without proper escaping in file list and details pages. The vulnerability requires user interaction (viewing the affected page) and authenticated access, resulting in confidentiality and integrity impact with a CVSS score of 4.6. Vendor-released patch version 3.1.2 is available.