[CONFSERVER-11027] XSS vulnerabilities in create/edit/copy page and blogpost actions - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.7.3
Affects Version/s: 2.1.5, 2.2.10, 2.3.3, 2.4.5, 2.5.8, 2.6.2, 2.7.2
Component/s: None
Labels:
- affects-server
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

The following create/edit page URL's are vulnerable:

/pages/createpage.action
/pages/docreatepage.action
/pages/editpage.action
/pages/doeditepage.action

on parentPageString, mode, labelsString, captchaId

The following create/edit blogpost URL's are vulnerable:

/pages/createblogpost.action
/pages/docreateblogpost.action
/pages/editblogpost.action
/pages/doeditblogpost.action

on mode, labelsString, title, captchaId

The following copy page URL's are vulnerable:

/pages/copypage.action
/pages/docopypage.action

on parentPageString, mode, labelsString, captchaId

The following comment action URL's are vulnerable:

pages/addcomment.action
pages/doaddcomment.action

on mode and captchaId

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

page-labels-form.vm
3 kB
11/Mar/2008 11:30 PM
page-location-form.vm
4 kB
11/Mar/2008 11:30 PM
createblogpost-form.vm
3 kB
11/Mar/2008 11:30 PM
macros.vm
123 kB
11/Mar/2008 11:31 PM
wiki-textarea.vm
27 kB
11/Mar/2008 11:31 PM

has a regression in

CONFSERVER-11985 XSS vulnerability in create/edit/copy page and blogpost actions

Closed

Assignee:: Chris Broadfoot [Atlassian]

Reporter:: dave (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 11/Mar/2008 5:24 AM

Updated:: 11/Oct/2018 9:02 AM

Resolved:: 11/Mar/2008 11:36 PM