moxiecode/plupload

GitHub

github.com

www.plupload.com

Releases41

Frequency3 months 2 weeks

Last Release over 4 years ago

Stars5.62K

Plupload is JavaScript API for building file uploaders. It supports multiple file selection, file filtering, chunked upload, client side image downsizing and when necessary can fallback to alternative runtimes, like Flash and Silverlight.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-23562 ↗	Dec 3, 2021Friday, 3 December 2021, 20:15	4.2 MEDIUM	6.8 MEDIUM
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
CVE-2021-23673 ↗	Nov 22, 2021Monday, 22 November 2021, 17:15	5.4 MEDIUM	4.3 MEDIUM
This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed.
CVE-2013-0237 ↗	Jul 8, 2013Monday, 8 July 2013, 20:55	—	4.3 MEDIUM
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.