CVE-2020-9447

Name of the Vulnerable Software and Affected Versions GwtUpload version 1.0.3

Description The issue concerns a cross-site scripting (XSS) vulnerability in the file upload functionality. This vulnerability allows an attacker to upload a file with a malicious filename containing JavaScript code, resulting in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities.

Recommendations For GwtUpload version 1.0.3, consider validating and sanitizing filenames before processing them to prevent the execution of malicious JavaScript code. As a temporary workaround, restrict the file upload feature until a proper fix is implemented.