Scroll Word Exporter Administration Security Advisories Security Advisories This page provides an overview for security vulnerabilities that have been identified and resolved. Key Summary T Status EXP-3477 Broken Access Control in Comala Document Mgmt for Scroll Exporters Released to Server EXP-3404 User without space permissions can export with space-specific templates Released EXP-3403 Unauthorized user can download template data via public REST API Released to Server EXP-3374 XSS vulnerability in Scroll Exporter user interface Released to Server EXP-3252 Path traversal vulnerability in REST API Released to Server EXP-3211 Disclosure of installed Scroll Exporter app details Released to Server EXP-3170 Disclosure of custom template placeholders Released to Server EXP-3169 SSRF vulnerability in Scroll Exporter apps Released to Server EXP-3168 Insufficient permission checks in export template REST API Released to Server EXP-3167 Potential Denial of Service due to lack of authentication in REST API Released to Server EXP-2834 DOM-XSS vulnerability in Scroll PDF Exporter and Scroll Word Exporter 2019-09-16 Released to Cloud EXP-2826 Access token leak in Scroll Exporter apps for Confluence Cloud 2019-09-06 Released to Cloud EXP-2825 SSRF vulnerability in Scroll Word Exporter 2019-09-05 Released EXP-2802 XSS vulnerability in template upload mechanism 2019-07-04 Released EXP-2779 Remote code execution vulnerability in Scroll Exporter apps 2019-06-17 Released EXP-2614 The bundled Scroll Runtime plugin does not check permissions under certain conditions (2018-12-17) Released to Server 16 issues ×
