Welcome to the Angular feedback portal. We’re happy you’re here! If you have feedback on how to improve the Angular, we’d love to hear it!

Check out the features or bugs others have reported and vote on your favorites. Feedback will be prioritized based on popularity.
If you have feedback that’s not listed yet, submit your own.

Thanks for joining our community and helping improve Syncfusion products!

Vote

File Manager is vulnerable to XSS attacks Completed

: Feb 15, 2024 5:40 PM

: Mar 18, 2024 10:10 AM

: Bug Report

: FileManager

: 24.2.7

: Vol 1 2024 (Mar 15, 2024)

: Feb 15, 2024 5:40 PM

: Bug Report

: FileManager

Files names with XSS attack values in their name get executed and tries to render the images in the file name.

Additionally, when entering the filename as string in this editor, it also tries to show the image.

i.e.: '>.txt

Screenshot_20240215_234250.png

6 COMMENTS