File upload issue - Githubissues

freeflowuniverse / freeflow_kutana_ui

Crystal Meet

Apache License 2.0

2 stars 1 forks source link

Open azertyalex opened 4 years ago

azertyalex commented 4 years ago

Version: v3.6.0-rc01

It is possible inject javascript into the file name

"content": {
      "file": "javascript:alert(document.cookie)-pdf/pdf;base64,iVBORw0KGgoAAAAN",
      "name": "cookie.txt"
},