Filtered by vendor Gwtupload Project
Subscriptions
Filtered by product Gwtupload
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9447 | 1 Gwtupload Project | 1 Gwtupload | 2021-12-21 | 6.1 Medium |
| There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities like phishing or drive-by hacking. | ||||
| CVE-2020-13128 | 1 Gwtupload Project | 1 Gwtupload | 2020-05-19 | 7.5 High |
| An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, leading to denial of service. | ||||
Page 1 of 1.