XSS vulnerability found via <iframe> tag when upload file #32

Closed
showuon opened this issue Jul 9, 2019 · 2 comments

showuon commented Jul 9, 2019

Create a file named "<iframe src=javascript:alert(4)>.jpg" and upload this file. After that, every user with read permission will be affected.

Owner

KOHGYLW commented Jul 10, 2019

Thank you for your feedback!
The testing results indicate that the problem really does exist, and we plan to repair it in the next version.
Thank you for your support and interest; your advice, suggestions and criticism are always appreciated!

Owner

KOHGYLW commented Jul 20, 2019

This loophole is fixed in version 1.0.19.

@KOHGYLW KOHGYLW closed this as completed Jul 20, 2019
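
The class of bug reported in this issue, shown as an added example that is not the project's code and not its 1.0.19 fix (which this page does not show): a file-list row built by string concatenation next to the same row with the stored file name HTML-escaped. The function names, the row markup and the sample listing are assumptions made for illustration.

```javascript
// Added example: names and markup are hypothetical, not taken from the project.

// Escape the five characters that are significant in HTML text and in
// quoted attribute values. "&" must be replaced first.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the stored file name is concatenated into markup as-is,
// so a name containing a tag becomes a live element for every viewer.
function renderRowUnsafe(file) {
  return '<tr><td title="' + file.name + '">' + file.name + "</td></tr>";
}

// Hardened pattern: the name is treated as data in both the attribute
// context and the text context.
function renderRowSafe(file) {
  const name = escapeHtml(file.name);
  return '<tr><td title="' + name + '">' + name + "</td></tr>";
}

// Constructed sample listing; the second name is the one from the report.
const sampleFiles = [
  { name: "holiday.jpg" },
  { name: "<iframe src=javascript:alert(4)>.jpg" },
  { name: 'a"b&c.jpg' },
];

// True when the rendered row contains any element other than tr/td.
function containsLiveTag(html) {
  return /<(?!\/?(tr|td)\b)/i.test(html);
}

for (const f of sampleFiles) {
  console.log("unsafe:", renderRowUnsafe(f), "live tag:", containsLiveTag(renderRowUnsafe(f)));
  console.log("safe:  ", renderRowSafe(f), "live tag:", containsLiveTag(renderRowSafe(f)));
}
```

Escaping at output time protects names that are already stored; rejecting or normalising such names at upload is a separate, complementary check.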