As documented at http://blog.detectify.com/post/86298380233/the-pitfalls-of-allowing-file-uploads-on-your-website, it is possible to upload a Flash (SWF) file to Confluence with a Content-Type other than Flash's. The Flash plugin decides what to do by the file's bytes, not by the Content-Type the server sends, so when the uploaded file is embedded on an attacker's domain it runs in the origin of the Confluence instance that hosts it and can make requests to that instance with the victim's session. This bug can be used to steal a user's XSRF/CSRF token.
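The server-side check implied by the report, as an added example that is not Atlassian's or Confluence's code: classify an upload by its leading bytes rather than by the declared Content-Type, and serve user uploads with Content-Disposition: attachment so that a SWF cannot be embedded inline from another site (Flash Player honours that header for object/embed loads). The function names and the sample upload bodies are constructed for this example.

```python
"""Detect Flash (SWF) uploads by content, not by the client's Content-Type.

Added example, not Confluence code. It assumes a generic upload handler that
has the raw body and the client-declared Content-Type available; the helper
names below (swf_kind, serve_headers) are hypothetical.
"""
import struct
import zlib

# Every SWF begins with a three-byte signature identifying its compression,
# then a version byte and a little-endian 32-bit uncompressed length.
SWF_SIGNATURES = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}


def swf_kind(data: bytes):
    """Return the SWF compression kind if `data` is a Flash movie, else None.

    The decision is made on the bytes themselves: Flash ignores the served
    Content-Type, so a server that only trusts the declared type will let a
    SWF through as "image/png" or "text/plain".
    """
    if len(data) < 8:
        return None
    kind = SWF_SIGNATURES.get(data[:3])
    if kind is None:
        return None
    # Bytes 4..7 are the uncompressed length; a real SWF never declares
    # less than its own 8-byte header.
    (length,) = struct.unpack_from("<I", data, 4)
    if length < 8:
        return None
    return kind


def _safe_filename(name: str) -> str:
    """Strip characters that would let a filename break out of the header."""
    return "".join(c for c in name if c not in '"\r\n;')


def serve_headers(filename: str, declared_type: str, data: bytes) -> dict:
    """Response headers for serving a stored upload back to a browser.

    The attachment disposition is what stops inline rendering of plugin
    content such as Flash; X-Content-Type-Options only constrains the
    browser's own MIME sniffing (scripts, styles), not the Flash plugin.
    """
    kind = swf_kind(data)
    return {
        "Content-Type": "application/octet-stream" if kind else declared_type,
        "Content-Disposition": f'attachment; filename="{_safe_filename(filename)}"',
        "X-Content-Type-Options": "nosniff",
    }


# Constructed sample bodies (headers only; not playable movies).
SAMPLE_SWF = b"FWS\x08" + struct.pack("<I", 8) + b"\x00" * 4
SAMPLE_CWS = b"CWS\x0a" + struct.pack("<I", 1024) + zlib.compress(b"\x00" * 16)
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8


if __name__ == "__main__":
    # A SWF uploaded under a misleading type is still detected and neutered.
    print(swf_kind(SAMPLE_SWF), serve_headers("avatar.png", "image/png", SAMPLE_SWF))
    print(swf_kind(SAMPLE_PNG), serve_headers("avatar.png", "image/png", SAMPLE_PNG))
```

The content check catches the mismatch between what the client claims and what the plugin will execute; the attachment disposition on every upload response is the general defence, since the same sniffing problem exists for other active formats.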
h3. Steps to reproduce
Current behaviour: Flash file is rendered.
Expected behaviour: Flash file should not be rendered.