Attachment list in popup doesn't escape filenames causing XSS hole

XMLWordPrintable

      The filenames in the attachment list of the link popup aren't being escaped.
      If you upload an attachment with a filename including html it could be executed.

        1. insertlink-popup-common-2.8.2.vm
          10 kB
        2. insertlink-popup-common-2.9.2.vm
          10 kB

            Assignee:
            m@ (Inactive)
            Reporter:
            m@ (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: