Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 5.3.1
Affects Version/s: 4.3.7, 5.2.4
Component/s: None
Labels:
- affects-server
- cvss-high
- editor
- loyalty
- security

CVSS Score:
6.5

Steps to replicate:

Add an attachment
Rename the file to "<iframe onload=alert(1)>.txt"
Copy its remove link and open the link in a new browser window
Result: The JavaScript code is executed, rather than showing the "proceed w/ deletion" screen.

Everything works normally if you just click the delete button rather than copying the link into a new tab.

mentioned in: Wiki Page Loading...

Assignee:: Issac Gerges (Inactive)
Reporter:: Bernd Lindner
Votes:: 0 Vote for this issue
Watchers:: 7 Start watching this issue

Created:: 16/Sep/2013 11:11 AM
Updated:: 11/Oct/2018 8:37 AM
Resolved:: 27/Sep/2013 6:09 AM