Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-13717

Attachment list in popup doesn't escape filenames causing XSS hole

    XMLWordPrintable

    Details

      Description

      The filenames in the attachment list of the link popup aren't being escaped.
      If you upload an attachment with a filename including html it could be executed.

        Attachments

          Activity

            People

            Assignee:
            mjensen m@
            Reporter:
            mjensen m@
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: