[MEDIUM] class.upload.php allows cross-site scripting attacks via uploaded files

PKSA-3n81-fgxd-xfh7 CVE-2023-6551 GHSA-v6f4-jwv9-682w

Affected version: <=2.1.6

Reported by:
GitHub