diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index d71dab107..a96aca173 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -8,6 +8,7 @@ Existing tests using that directory have been modified to use the new method instead of finding the path manually. - fix: Avatar in Thread & Posts of CS + - fix: CS Phishing Exploit. 7.3.1 - Fixed a problem with IE and resizable text areas that caused IE to crash
diff --git a/lib/WebGUI/Storage.pm b/lib/WebGUI/Storage.pm
index 862af682a..32f3be81d 100644
--- a/lib/WebGUI/Storage.pm
+++ b/lib/WebGUI/Storage.pm
@@ -208,7 +208,7 @@ sub addFileFromFormPost {
 next if ($upload->size > 1024 * $self->session->setting->get("maxAttachmentSize"));
 if ($tempFilename =~ /([^\/\\]+)$/) { $tempFilename = $1; }
 my $type = $self->getFileExtension($tempFilename);
- if (isIn($type, qw(pl perl sh cgi php asp))) { # make us safe from malicious uploads
+ if (isIn($type, qw(pl perl sh cgi php asp html htm))) { # make us safe from malicious uploads
 $tempFilename =~ s/\./\_/g;
 $tempFilename .= ".txt";
 }
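Review bot: The changed `isIn(...)` test in lib/WebGUI/Storage.pm is still a denylist, so adding `html htm` covers only those two extensions; other types a browser renders as active content from the site's origin (for example `shtml`, `xhtml`, `svg`) would still be stored under their original name. Whether mixed-case names such as `.HTML` are caught depends on `getFileExtension` lower-casing its result, which this hunk does not show; if it does not, the test should read `isIn(lc($type), ...)`. A more durable fix is to invert the check into an allowlist of extensions known to be inert, or to serve uploaded files with a download disposition. The trailing comment could then state the intent, e.g. `# neutralise extensions the server may execute or a browser may render as a page`. The body of addFileFromFormPost starts and ends outside the hunk.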