Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-9366

XSS via FileUpload

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 5.2-milestone-2
    • 5.1
    • Security
    • None
    • Unknown
    • N/A

    Description

      We can upload any kind of file as an attachment. The issue is that we can even upload some html / js files that would be executed if someone goes to the download page.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-18368 XSS through SVG download

          • Major - Major loss of function.
          • Closed
          links to

          Web Link Pull Request

          Activity

            People

              thomas_delafosse Thomas Delafosse
              thomas_delafosse Thomas Delafosse
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: