PT-2026-28506 · Ulloady · Ulloady

Published 2026-03-26 · Updated 2026-03-26 · CVE-2026-33653

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Ulloady versions prior to 3.1.2

Description: Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) issue exists because filenames are not properly sanitized during file uploads. An attacker can upload a file with a malicious filename containing JavaScript code. This code is then rendered in the application without proper escaping. When the filename is displayed in the file list or file details page, the malicious script executes in the browser of any user who views the page.

Recommendations: Update to Ulloady version 3.1.2 or later.
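The class of fix for the issue described above, as an added example (not Ulloady's code; the function names, markup and sample filenames are constructed for illustration): the unescaped rendering of a stored filename beside an output-encoded version, plus an upload-time filename allowlist as defence in depth.

```javascript
// Added example: hypothetical names and markup, not taken from Ulloady.

// HTML-escape a value for element content and quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pattern the advisory describes: the stored filename is concatenated
// into the file-list markup without escaping.
function renderRowUnsafe(file) {
  return `<tr><td><a href="/file/${file.id}" title="${file.name}">${file.name}</a></td></tr>`;
}

// Hardened: encode at output time, for every context the name lands in
// (attribute value and element text here, URL path segment for the id).
function renderRowSafe(file) {
  const name = escapeHtml(file.name);
  const id = encodeURIComponent(file.id);
  return `<tr><td><a href="/file/${id}" title="${name}">${name}</a></td></tr>`;
}

// Defence in depth at upload time: never store the client-supplied name
// verbatim. Drop path components, then keep a conservative allowlist.
function sanitizeUploadName(raw) {
  const base = String(raw).split(/[\\/]/).pop();
  const cleaned = base
    .normalize("NFKC")
    .replace(/[^A-Za-z0-9._ -]/g, "_") // anything outside the allowlist
    .replace(/^\.+/, "")               // no leading dots (hidden files)
    .slice(0, 128);
  return cleaned || "unnamed";
}

// Constructed sample records: one ordinary name, one markup-bearing name
// using a harmless test string.
const samples = [
  { id: "1", name: "report.pdf" },
  { id: "2", name: '"><img src=x onerror=alert(1)>.png' },
];

for (const f of samples) {
  console.log("unsafe:", renderRowUnsafe(f));
  console.log("safe:  ", renderRowSafe(f));
  console.log("stored:", sanitizeUploadName(f.name));
}
```

Output encoding is the control that closes the stored XSS; the upload-time allowlist only reduces what can reach storage and does not replace escaping at render time.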

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-33653
GHSA-2834-M7XM-FQR5

Affected Products

Ulloady