← Zuruck zu CVEs
CVE-2026-33653
MEDIUM4.6
Beschreibung
Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScript code, which is later rendered in the application without proper escaping. When the filename is displayed in the file list or file details page, the malicious script executes in the browser of any user who views the page. Version 3.1.2 fixes the issue.
CVE Details
CVSS v3.1 Bewertung4.6
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht3/26/2026
Zuletzt geandert3/26/2026
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-79
Referenzen
https://github.com/farisc0de/Uploady/commit/e4b4dbec0b45304b5ab01e36a1003d0c7cc613d5(security-advisories@github.com)
https://github.com/farisc0de/Uploady/releases/tag/v3.1.2(security-advisories@github.com)
https://github.com/farisc0de/Uploady/security/advisories/GHSA-2834-m7xm-fqr5(security-advisories@github.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.