[CONFSERVER-11005] XSS vulnerability in signup actions

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.7.3
Affects Version/s: 2.0.3, 2.1.5, 2.2.10, 2.3.3, 2.4.5, 2.5.8, 2.6.2, 2.7.2
Component/s: None
Labels:
- affects-server
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

Vulnerable URL's:

signup.action
dosignup.action

on username, email, password, confirm, fullname

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

common-signup.vm
3 kB
14/Mar/2008 5:03 AM

is blocked by

CONFSERVER-9627 Velocity does not automatically escape HTML entities when substituting variables

Closed

Katherine Yabut made changes - 13/Nov/2018 4:48 AM

Workflow

Original: JAC Bug Workflow v3 [ 2876805 ]

New: CONFSERVER Bug Workflow v4 [ 3005390 ]

Owen made changes - 11/Oct/2018 8:39 AM

Workflow	Original: JAC Bug Workflow v2 [ 2776851 ]	New: JAC Bug Workflow v3 [ 2876805 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 29/Aug/2018 11:12 PM

Workflow

Original: JAC Bug Workflow [ 2713662 ]

New: JAC Bug Workflow v2 [ 2776851 ]

Owen made changes - 02/Jul/2018 6:49 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2379323 ]

New: JAC Bug Workflow [ 2713662 ]

Katherine Yabut made changes - 22/Jun/2017 6:47 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 [ 2269808 ]

New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2379323 ]

Katherine Yabut made changes - 31/May/2017 5:32 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2215485 ]

New: Confluence Workflow - Public Facing - Restricted v5 [ 2269808 ]

Katherine Yabut made changes - 31/May/2017 4:55 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2166587 ]

New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2215485 ]

Katherine Yabut made changes - 31/May/2017 1:58 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 [ 1924099 ]

New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2166587 ]

Katherine Yabut made changes - 03/Apr/2017 3:57 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v3 [ 1726542 ]

New: Confluence Workflow - Public Facing - Restricted v5 [ 1924099 ]

Katherine Yabut made changes - 28/Feb/2017 6:33 AM

Workflow

Original: CONF Bug Subtask WF (TEMP) [ 1682374 ]

New: Confluence Workflow - Public Facing - Restricted v3 [ 1726542 ]

Assignee:: dave (Inactive)

Reporter:: dave (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 10/Mar/2008 4:58 AM

Updated:: 11/Oct/2018 8:39 AM

Resolved:: 14/Mar/2008 4:59 AM

Details

Description

Attachments

Attachments

Issue Links

Forms

Activity

People

Dates