CVE-2021-23562
Arbitrary File UploadThis affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
We have discovered 83,044 live websites that are affected by CVE-2021-23562.
Affected Software
| Product | |
| Category | JavaScript Libraries |
| Vulnerable Domains | 83,044 live websites (98.77% of Plupload install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 46 versions ( 80.70% of all versions) |
Details
- Published - Dec 3, 2021
- Updated - Sep 16, 2024
Credits
- Michele Di Stefano
CVE References
CVE-2021-23562 usage by Country
 United States | 43,067 websites |
 Germany | 8,449 websites |
 France | 4,523 websites |
 GB | 2,856 websites |
 Netherlands | 2,223 websites |
 Australia | 1,648 websites |
 Cyprus | 1,562 websites |
 Canada | 1,265 websites |
 Bulgaria | 1,123 websites |
 Switzerland | 1,105 websites |
CVE-2021-23562 usage by TLD
| .com | 41,333 websites |
| .org | 6,746 websites |
| .de | 4,184 websites |
| .com.au | 2,443 websites |
| .nl | 2,341 websites |
| .co.uk | 2,153 websites |
| .net | 2,053 websites |
| .fr | 1,847 websites |
| .ca | 1,374 websites |
| .it | 1,069 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2021-23562
Top websites that are affected by CVE-2021-23562. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.com | United States | *,*** | |
| ***********.com | United States | *,*** | |
| ****.net | France | *,*** | |
| *********************.nl | Netherlands | *,*** | |
| ***************.com | United States | *,*** | |
| ********.com | United States | *,*** | |
| *************.com | United States | *,*** | |
| *********.me | United States | *,*** | |
| *********.********.info | United States | *,*** | |
| *****.org | United States | *,*** |
FAQ
A total of 83,044 websites have been identified as vulnerable to CVE-2021-23562, discovered through global website indexing conducted by WebTechSurvey.
Plupload is susceptible to CVE-2021-23562 vulnerability.
Plupload versions before 2.3.9 are vulnerable to CVE-2021-23562.
Version 2.3.9 of Plupload addresses the CVE-2021-23562 security vulnerability.
References
- https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665
- https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226
- https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb