We have moved to GitHub Issues
You are viewing the read-only archive of Umbraco's issue tracker. To create new issues, please head over to GitHub Issues.
Make sure to read the blog posts announcing the move for more information.
Created by Sebastiaan Janssen 22 Feb 2017, 10:08:26 Updated by Sebastiaan Janssen 22 Feb 2017, 10:15:10
Tags: UnscheduledThis poses an XSS risk when people upload files with javascript in it, it will execute on the frontend.
2 Attachments
Fixed in: https://github.com/umbraco/Umbraco-CMS/commit/76b696e3bf4cbff6ac372aa390ea32b6a64bff5e
xhtml files are rejected after that change
Priority: Normal
Type: Bug
State: Fixed
Assignee:
Difficulty: Normal
Category: Security
Backwards Compatible: True
Fix Submitted:
Affected versions:
Due in version: 7.5.11
Sprint: Sprint 53
Story Points:
Cycle: