Unknown · Vova07 Yii2 Fileapi Widget · CVE-2017-20158
**Name of the Vulnerable Software and Affected Versions**
vova07 Yii2 FileAPI Widget versions up to 0.1.8
**Description**
A vulnerability classified as problematic was found in the vova07 Yii2 FileAPI Widget. The issue affects the `run` function of the file `actions/UploadAction.php`. Manipulating the `file` argument leads to cross-site scripting. The attack can be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.
**Recommendations**
If you run a version up to 0.1.8, upgrade to version 0.1.9 to address this issue. As a temporary workaround, consider restricting access to the `run` function of `actions/UploadAction.php` until the upgrade is applied. Additionally, be cautious when handling the `file` argument to minimize the risk of cross-site scripting attacks.