PT-2021-15544 · Unknown · Pekeupload

Michele Di Stefano · Published 2021-11-22 · Updated 2021-12-02 · CVE-2021-23673

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

pekeupload (affected versions not specified)

Description

The issue allows an attacker to execute JavaScript code if a user is induced to upload a file whose name contains the code. The file upload functionality does not properly sanitize the filename, so JavaScript contained in the filename is executed.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
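
The missing filename encoding described above, next to a hardened renderer and a small regression check. This is an added example, not pekeupload's code: the function names and the row markup are assumptions, and the sample filenames are constructed.

```javascript
// Added example. Function names are hypothetical and are not pekeupload's API.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out of element or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The pattern the description refers to: the name is concatenated into markup as-is.
function renderRowUnsafe(file) {
  return '<div class="file"><span class="name">' + file.name + '</span></div>';
}

// Same row with the name encoded for both the attribute and the element body.
function renderRowSafe(file) {
  const name = escapeHtml(file.name);
  return '<div class="file"><span class="name" title="' + name + '">' + name + '</span></div>';
}

// Browser variant: build nodes and assign textContent, so the name is never parsed as HTML.
function renderRowDom(doc, file) {
  const row = doc.createElement('div');
  row.className = 'file';
  const label = row.appendChild(doc.createElement('span'));
  label.className = 'name';
  label.textContent = file.name;
  return row;
}

// Regression check: the row template has two elements, so two opening tags are expected.
function openTagCount(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed sample names, as a File object's .name would report them.
const SAMPLE_FILES = [
  { name: 'holiday.png' },
  { name: 'Q3 "final" & signed.pdf' },
  { name: '<img src=x onerror=alert(1)>.png' },
];

// Returns the sample names for which a renderer emits markup beyond its own template.
function auditRenderer(render) {
  return SAMPLE_FILES.filter((f) => openTagCount(render(f)) !== 2).map((f) => f.name);
}

console.log('unsafe renderer fails for:', auditRenderer(renderRowUnsafe));
console.log('safe renderer fails for:', auditRenderer(renderRowSafe));
```

Until a fixed release is known, the same encoding can be applied wherever an application displays uploaded filenames itself.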

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-23673
GHSA-89Q5-MJ78-PW5W
SNYK-JS-PEKEUPLOAD-1584360

Affected Products

Pekeupload