Attachment list in popup doesn't escape filenames causing XSS hole

XMLWordPrintable

      The filenames in the attachment list of the link popup aren't being escaped.
      If you upload an attachment with a filename including html it could be executed.

        1. insertlink-popup-common-2.8.2.vm
          10 kB
        2. insertlink-popup-common-2.9.2.vm
          10 kB

              Assignee:
              m@ (Inactive)
              Reporter:
              m@ (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: