SunHater · KCFinder · CVE-2014-3988
**Name of the Vulnerable Software and Affected Versions**
SunHater KCFinder versions 3.11 and earlier
**Description**
A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the file name or directory name of an uploaded file.
**Recommendations**
Update SunHater KCFinder to a version later than 3.11 to resolve the issue.
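
The defect class in the description, as an added example (not KCFinder's code and not part of the original advisory): a file-manager listing that writes stored file and directory names into HTML, with the unescaped concatenation beside an output-encoded version. The function names, the entry shape and the sample names are assumptions constructed for illustration.

```javascript
// Added illustration; not KCFinder source. All names here are hypothetical.

// Encode the five characters that are significant in HTML text and in
// quoted-attribute contexts.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Defect class: the stored name is concatenated into markup as-is, so any
// markup characters inside the name become part of the page.
function renderEntryUnsafe(entry) {
  return '<div class="' + entry.type + '" title="' + entry.name + '">' + entry.name + "</div>";
}

// Hardened: the name is encoded at the point of output, and the entry type
// is mapped onto a fixed allow-list instead of being echoed.
function renderEntry(entry) {
  const type = entry.type === "directory" ? "directory" : "file";
  const name = escapeHtml(entry.name);
  return `<div class="${type}" title="${name}">${name}</div>`;
}

// Constructed sample listing: one ordinary name, plus a file name and a
// directory name that contain markup characters.
const SAMPLE_LISTING = [
  { type: "file", name: "report.pdf" },
  { type: "file", name: "<b>a.png" },
  { type: "directory", name: 'docs"><i>old' },
];

function renderListing(entries, renderer) {
  return entries.map(renderer).join("\n");
}

// Count start-tag sequences ("<" followed by a letter) in a fragment. In
// correctly encoded output only the renderer's own <div> tags remain.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

console.log(renderListing(SAMPLE_LISTING, renderEntry));
```

Encoding at output covers names that are already stored on disk; rejecting markup characters at upload or rename time is a separate, complementary control.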