Uploaded files present a huge risk in the server. The uploaded files can be malicious and can cause damage to the server with the sensitive data breach. It could also give complete access to the attacker. When an attacker wants to attack a web application. He will try different methods to upload his malicious file. After a successful upload, he will find different ways to execute the file. A successful execution will give what the attacker wants.
Many servers are vulnerable to cross-site scripting vulnerability during upload of very large files. This vulnerability is faced due to the error message, it is not properly restricted. In WordPress versions before 4.7.5, cross-site scripting (XSS) vulnerability existed while attempting to upload huge files. This vulnerability existed because the error message did not correctly restrict the presentation of the filename.
Impact and Fixes
