Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 2.10
Affects Version/s: 2.6.2, 2.7.3, 2.8.2, 2.9.2
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The filenames in the attachment list of the link popup aren't being escaped.
If you upload an attachment with a filename including html it could be executed.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

insertlink-popup-common-2.9.2.vm
10 kB
27/Nov/2008 12:26 AM
insertlink-popup-common-2.8.2.vm
10 kB
27/Nov/2008 12:26 AM

Activity

People

Assignee:: m@ (Inactive)

Reporter:: m@ (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 14/Nov/2008 12:59 AM

Updated:: 11/Oct/2018 9:01 AM

Resolved:: 24/Nov/2008 11:34 PM