CVE-2020-9447

The file-upload feature in GwtUpload 1.0.3 allows XSS via a crafted filename.
Source: NIST
CVE-2020-9447