Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-13717

Attachment list in popup doesn't escape filenames causing XSS hole

XMLWordPrintable

      The filenames in the attachment list of the link popup aren't being escaped.
      If you upload an attachment with a filename including html it could be executed.

        1. insertlink-popup-common-2.8.2.vm
          10 kB
        2. insertlink-popup-common-2.9.2.vm
          10 kB

              mjensen m@ (Inactive)
              mjensen m@ (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: