Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-13717

Attachment list in popup doesn't escape filenames causing XSS hole

    XMLWordPrintable

Details

    Description

      The filenames in the attachment list of the link popup aren't being escaped.
      If you upload an attachment with a filename including html it could be executed.

      Attachments

        Activity

          People

            mjensen m@
            mjensen m@
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: