Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 5.3.1
Affects Version/s: 4.3.7, 5.2.4
Component/s: None
Labels:
- affects-server
- cvss-high
- editor
- loyalty
- security

CVSS Score:
6.5
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Steps to replicate:

Add an attachment
Rename the file to "<iframe onload=alert(1)>.txt"
Copy its remove link and open the link in a new browser window
Result: The JavaScript code is executed, rather than showing the "proceed w/ deletion" screen.

Everything works normally if you just click the delete button rather than copying the link into a new tab.

Attachments

Issue Links

mentioned in: Wiki Page Loading...

Activity

People

Assignee:: Issac Gerges (Inactive)

Reporter:: Bernd Lindner

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 16/Sep/2013 11:11 AM

Updated:: 11/Oct/2018 8:37 AM

Resolved:: 27/Sep/2013 6:09 AM