PT-2021-15538 · Plupload · Plupload
Michele Di Stefano · Published 2021-12-03 · Updated 2021-12-16
CVE-2021-23562
CVSS v3.1: 8.8 (High), vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
plupload versions prior to 2.3.9
Description
The issue allows an attacker to upload a file whose name contains JavaScript code, which could then be executed. Exploitation requires the attacker to trick a user into uploading such a file. No information is available on the estimated number of potentially affected installations or on real-world incidents in which this issue was exploited.
Recommendations
For versions prior to 2.3.9, update to version 2.3.9 or later, which resolves the issue. As a temporary workaround until the update is applied, restrict file uploads so that a filename cannot lead to JavaScript execution: do not allow users to upload files whose names contain JavaScript code through the affected plupload package.
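To make the vulnerability class and the workaround concrete, here is an added example that is not plupload's code: an upload widget that concatenates the filename into markup verbatim, the same rendering with the filename HTML-escaped, and a conservative filename allowlist of the kind the workaround above describes. All function names, the `file-name` class and the allowlist policy are hypothetical.

```javascript
// Added illustration, not plupload's code. A filename is untrusted input once an
// upload widget renders it into the page; this shows the defect and two defenses.

// Escape the five HTML metacharacters so the text is displayed, not interpreted.
// '&' is replaced first so the entities produced below are not double-escaped.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: the filename is concatenated into HTML unchanged, so any
// markup in it becomes part of the DOM when the string is assigned via innerHTML.
function renderFileRowUnsafe(filename) {
  return `<li class="file-name">${filename}</li>`;
}

// Hardened pattern: the same row, with the filename HTML-escaped first.
// (In a real widget, prefer document.createElement plus textContent, which
// never parses the value as markup at all.)
function renderFileRowSafe(filename) {
  return `<li class="file-name">${escapeHtml(filename)}</li>`;
}

// Defense in depth matching the advisory's workaround: accept only filenames built
// from a conservative character allowlist, so markup cannot get in even if some
// code path forgets to escape. Hypothetical policy; adjust per application.
const FILENAME_ALLOWLIST = /^[A-Za-z0-9][A-Za-z0-9._ -]{0,254}$/;
function isAllowedFilename(filename) {
  return FILENAME_ALLOWLIST.test(filename) && !filename.includes('..');
}

// Constructed sample: a filename carrying an HTML tag (harmless, not a payload).
const SAMPLE_FILENAME = '<b>invoice</b>.pdf';

function demo() {
  return {
    unsafe: renderFileRowUnsafe(SAMPLE_FILENAME), // tag survives intact
    safe: renderFileRowSafe(SAMPLE_FILENAME),     // tag shown as literal text
    allowed: isAllowedFilename(SAMPLE_FILENAME),  // false: rejected up front
  };
}
```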
Fix
Unrestricted File Upload
Affected Products
Plupload