QID 997941
Date Published: 2024-04-04
QID 997941: NodeJs (Npm) Security Update for jquery-file-upload (GHSA-43x9-7hfv-mxrf)
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Github security advisory GHSA-43x9-7hfv-mxrf for updates and patch information.
Vendor References
- GHSA-43x9-7hfv-mxrf -
github.com/advisories/GHSA-43x9-7hfv-mxrf
CVEs related to QID 997941
Software Advisories
| Advisory ID | Software | Component | Link |
|---|