Gwtupload Project: >> Gwtupload >> 1.0.3 Security Vulnerabilities
An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, leading to denial of service.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-05-18
There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities like phishing or drive-by hacking.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-28