Filtered by vendor Frontend Uploader Project
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24563 | 1 Frontend Uploader Project | 1 Frontend Uploader | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly | |||||
| CVE-2014-9444 | 1 Frontend Uploader Project | 1 Frontend Uploader | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI. | |||||