Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9447 | 1 Gwtupload Project | 1 Gwtupload | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities like phishing or drive-by hacking. | |||||
| CVE-2020-13128 | 1 Gwtupload Project | 1 Gwtupload | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, leading to denial of service. | |||||