A vulnerability labeled as problematic has been found in parse-community parse-server up to 8.6.83/9.0.0-9.10.0-alpha.2. Affected by this vulnerability is an unknown functionality of the component FileUpload. Such manipulation of the argument content-type leads to cross site scripting.
This vulnerability is listed as CVE-2026-61448. The attack may be performed from remote. There is no available exploit.