Impact
When uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file, but only after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other users.
Patches
This has been fixed by #5981, which is included in 3.21.0.
Workarounds
There are no known workarounds.
Impact
When uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file, but only after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other users.
Patches
This has been fixed by #5981, which is included in 3.21.0.
Workarounds
There are no known workarounds.