Impact
Users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript, which triggered an XSS payload.
Patches
The problem is fixed in 1.7.6.8.
Workarounds
With Apache
In your .htaccess file:
# Serve PDF files as downloads and disable MIME sniffing
<FilesMatch "\.pdf$">
    Header set Content-Disposition "Attachment"
    Header set X-Content-Type-Options "nosniff"
</FilesMatch>
In your /upload/.htaccess file:
# Serve every file in /upload/ as a download and disable MIME sniffing
<IfModule mod_headers.c>
    Header set Content-Disposition "Attachment"
    Header set X-Content-Type-Options "nosniff"
</IfModule>
With Nginx
# Serve PDF files as downloads and disable MIME sniffing
location ~* \.pdf$ {
    add_header Content-Disposition Attachment;
    add_header X-Content-Type-Options nosniff;
}
# Same headers for everything under /upload/
location ~ ^/upload/ {
    add_header Content-Disposition Attachment;
    add_header X-Content-Type-Options nosniff;
}
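To confirm the workaround is actually in effect, the following added example (not part of the original advisory or the project's code) checks HTTP response headers for the two values the workaround sets, Content-Disposition "Attachment" and X-Content-Type-Options "nosniff". The names `in_scope`, `check_response`, `audit` and `SAMPLES` are hypothetical, the sample responses are constructed, and the path scope assumes the Nginx rules above (any .pdf, case-insensitive, plus everything under /upload/).

```python
import re

# Scope taken from the Nginx workaround: *.pdf (case-insensitive) or /upload/...
IN_SCOPE = (re.compile(r"\.pdf$", re.I), re.compile(r"^/upload/"))

def in_scope(path):
    """True if the workaround rules should apply to this request path."""
    path = path.split("?", 1)[0]  # location matching ignores the query string
    return any(rx.search(path) for rx in IN_SCOPE)

def check_response(path, headers):
    """headers: list of (name, value) pairs as received. Returns a list of problems."""
    if not in_scope(path):
        return []
    found = {}
    for name, value in headers:  # header names are case-insensitive
        found.setdefault(name.lower(), []).append(value)
    problems = []
    # The disposition type is the token before any ';' parameters.
    types = [v.split(";", 1)[0].strip().lower()
             for v in found.get("content-disposition", [])]
    if not types:
        problems.append("Content-Disposition missing")
    elif any(t != "attachment" for t in types):
        problems.append("Content-Disposition is not attachment")
    sniff = [v.strip().lower() for v in found.get("x-content-type-options", [])]
    if "nosniff" not in sniff:
        problems.append("X-Content-Type-Options: nosniff missing")
    return problems

def audit(samples):
    """Map each failing in-scope path to its list of problems."""
    report = {}
    for path, headers in samples:
        problems = check_response(path, headers)
        if problems:
            report[path] = problems
    return report

# Constructed sample responses (not captured from a real shop).
SAMPLES = [
    ("/upload/a1b2c3", [("Content-Type", "text/html"),
                        ("content-disposition", "Attachment"),
                        ("X-Content-Type-Options", "nosniff")]),
    ("/docs/Invoice.PDF", [("Content-Type", "application/pdf")]),
    ("/upload/x.html", [("Content-Disposition", "inline; filename=x.html"),
                        ("X-Content-Type-Options", "nosniff")]),
    ("/img/logo.png", []),
]

if __name__ == "__main__":
    for path, problems in audit(SAMPLES).items():
        print(path, "->", "; ".join(problems))
```

The header pairs can be taken from a live response, for example the list returned by `http.client.HTTPResponse.getheaders()`.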
References
Cross-site Scripting (XSS) - Stored (CWE-79)