persistent xss vulnerability through uploaded files in IE8/9

XMLWordPrintable

    • Severity 3 - Minor

      NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report.

      It is possible to upload a number of file types (checked by extension) to an answers instance and then download them later. Internet Explorer(8/9) sniffs text/plain (and some other content-types) downloads to determine the 'content-type' to use. This means that a text/plain content-type file in internet explorer can be rendered as text/html (as html). To solve this problem it is possible to:
      1. set the content-disposition header to be "attachment"
      2. and/or set the X-Content-Type-Options header to be "nosniff"

            Assignee:
            Joe Clark
            Reporter:
            David Black
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: