Security Advisories

This page outlines the security vulnerabilities that have been identified and resolved in the app.

Key	Summary	T	Status
EXP-3477	Broken Access Control in Comala Document Mgmt for Scroll Exporters		Released to Server
EXP-3404	User without space permissions can export with space-specific templates		Released
EXP-3403	Unauthorized user can download template data via public REST API		Released to Server
EXP-3374	XSS vulnerability in Scroll Exporter user interface		Released to Server
EXP-3252	Path traversal vulnerability in REST API		Released to Server
EXP-3211	Disclosure of installed Scroll Exporter app details		Released to Server
EXP-3170	Disclosure of custom template placeholders		Released to Server
EXP-3169	SSRF vulnerability in Scroll Exporter apps		Released to Server
EXP-3168	Insufficient permission checks in export template REST API		Released to Server
EXP-3167	Potential Denial of Service due to lack of authentication in REST API		Released to Server
EXP-3056	XSS vulnerability in font management dialog		Released
EXP-2910	SSRF vulnerability in PDF engine bundled with Scroll PDF Exporter		Released to Server
EXP-2847	Scroll Exporter Security Advisory 2014-11-19		Released to Server
EXP-2834	DOM-XSS vulnerability in Scroll PDF Exporter and Scroll Word Exporter 2019-09-16		Released to Cloud
EXP-2826	Access token leak in Scroll Exporter apps for Confluence Cloud 2019-09-06		Released to Cloud
EXP-2802	XSS vulnerability in template upload mechanism 2019-07-04		Released
EXP-2779	Remote code execution vulnerability in Scroll Exporter apps 2019-06-17		Released
EXP-2750	PDFreactor can be used for SSRF and access to arbitrary files on the server 2019-05-14		Released to Server
EXP-2614	The bundled Scroll Runtime plugin does not check permissions under certain conditions (2018-12-17)		Released to Server

19 issues