gwtupload
GwtUpload & JsUpload: File Upload Progress with pure javascript and html5
There is an XSS (Cross-site scripting) present in the file upload functionality, where someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Example:...
Could you release the 1.0.4 version?
There is a vulnerability which allows performing a DoS attack against the application server. The problem lies in handling the `delay` parameter when an upload is initiated (`gwtupload.server.UploadServlet#parsePostRequest`). Value from this parameter...
Drag-and-drop upload of a file with "&" in its name fails. Though files selected via system file selection dialog upload fine. This is due to lack of escaping in XML...
Problem discovered by attempting XSS injection on UploadAction: - **[SERVER SIDE, [UploadAction.java](https://github.com/manolo/gwtupload/blob/master/core/src/main/java/gwtupload/server/UploadAction.java#L203)]** When creating XML error message, XML entities are not escaped: ``` java postResponse = "" + error +...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9447
Addresses CVE-2020-9447.
After executing mvn eclipse:eclipse in gwtupload/samples I get the following unresolved dependencies error > [ERROR] Failed to execute goal on project gwtupload-samples: Could not resolve dependencies for project com.googlecode.gwtupload:gwtupload-samples:war:1.0.4-SNAPSHOT: The...
Wrong usage of logging: Logging info messages on error level. Upload servlet line 942 to 946: ``` // Receive the files logger.error("UPLOAD-SERVLET (" + session.getId() + ") parsing HTTP POST...