Details
-
Bug
-
Resolution: Fixed
-
Major
-
5.1
-
None
Description
We can upload any kind of file as an attachment. The issue is that we can even upload some html / js files that would be executed if someone goes to the download page.
Attachments
Issue Links
- relates to
-
XWIKI-18368 XSS through SVG download
- Closed
- links to