Scroll PDF Exporter Administration Security Advisories Security Advisories This page outlines the security vulnerabilities that have been identified and resolved in the app. Key Summary T Status EXP-3477 Broken Access Control in Comala Document Mgmt for Scroll Exporters Released to Server EXP-3404 User without space permissions can export with space-specific templates Released EXP-3403 Unauthorized user can download template data via public REST API Released to Server EXP-3374 XSS vulnerability in Scroll Exporter user interface Released to Server EXP-3252 Path traversal vulnerability in REST API Released to Server EXP-3211 Disclosure of installed Scroll Exporter app details Released to Server EXP-3170 Disclosure of custom template placeholders Released to Server EXP-3169 SSRF vulnerability in Scroll Exporter apps Released to Server EXP-3168 Insufficient permission checks in export template REST API Released to Server EXP-3167 Potential Denial of Service due to lack of authentication in REST API Released to Server EXP-3056 XSS vulnerability in font management dialog Released EXP-2910 SSRF vulnerability in PDF engine bundled with Scroll PDF Exporter Released to Server EXP-2847 Scroll Exporter Security Advisory 2014-11-19 Released to Server EXP-2834 DOM-XSS vulnerability in Scroll PDF Exporter and Scroll Word Exporter 2019-09-16 Released to Cloud EXP-2826 Access token leak in Scroll Exporter apps for Confluence Cloud 2019-09-06 Released to Cloud EXP-2802 XSS vulnerability in template upload mechanism 2019-07-04 Released EXP-2779 Remote code execution vulnerability in Scroll Exporter apps 2019-06-17 Released EXP-2750 PDFreactor can be used for SSRF and access to arbitrary files on the server 2019-05-14 Released to Server EXP-2614 The bundled Scroll Runtime plugin does not check permissions under certain conditions (2018-12-17) Released to Server 19 issues ×
