It is possible to upload a Flash SWF file as an attachment. When the attachment's 'download' URL is visited, the SWF file is executed in the browser, and it can then use the ExternalInterface.call() method to inject JavaScript defined in the SWF file into the browser.
- is superseded by
  - CONFCLOUD-25873 Various persistent-xss vulnerabilities in attachment downloads (Closed)
- relates to
  - CONFCLOUD-25488 persistent xss through svg file attachment download (Closed)
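
A common server-side mitigation for the attachment download behaviour described above is to decide the response headers from the file's content, not its name. This is an added example, not Confluence code or the fix Atlassian shipped; the function names, the inline allowlist and the sample bytes are assumptions made for illustration.

```python
# Added example (hypothetical names): choose response headers for an
# attachment download so that active content is saved, never rendered.
import re

# Flash signatures: uncompressed, zlib-compressed, LZMA-compressed.
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")
# Assumed allowlist of types that may render inline on the app's origin.
INLINE_SAFE = {"image/png", "image/jpeg", "image/gif", "text/plain"}


def looks_like_swf(head: bytes) -> bool:
    """True if the leading bytes carry a Flash signature, whatever the name says."""
    return len(head) >= 4 and head[:3] in SWF_MAGIC


def looks_like_svg(head: bytes) -> bool:
    """True if an <svg> root appears near the start (SVG can carry script)."""
    return re.search(rb"<svg[\s>]", head[:1024], re.IGNORECASE) is not None


def download_headers(filename: str, declared_type: str, head: bytes) -> dict:
    """Return headers for a download response.

    head is the first bytes of the stored file. Anything that is not on the
    inline allowlist, or that sniffs as SWF/SVG despite its declared type,
    is forced to a generic type with an attachment disposition.
    """
    active = looks_like_swf(head) or looks_like_svg(head)
    declared = declared_type.split(";")[0].strip().lower()
    inline_ok = declared in INLINE_SAFE and not active
    # Keep the header value free of quotes, CR/LF and path separators.
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "attachment"
    disposition = "inline" if inline_ok else "attachment"
    return {
        "Content-Type": declared if inline_ok else "application/octet-stream",
        "Content-Disposition": f'{disposition}; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed sample: a SWF signature uploaded under an image name and type.
    print(download_headers("report.png", "image/png", b"CWS\x0a\x00\x00\x00\x00"))
```

Serving user attachments from a separate origin that holds no session cookies limits the impact further if a risky type is ever rendered.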