-
Bug
-
Resolution: Fixed
-
Medium
-
2.1.5, 2.2.10, 2.3.3, 2.4.5, 2.5.8, 2.6.2, 2.7.2
-
None
-
Browser: MSIE
As reported at CONF-9559 the spaces/openuserpicker.action and spaces/grouppicker.action display unescaped content that can be entered in the url. This forms an XSS vulnerability.
- is related to
-
-
- Closed
-
[CONFSERVER-11040] Grouppicker and Userpicker display unescaped user-entered content
| Workflow | Original: JAC Bug Workflow v3 [ 2881917 ] | New: CONFSERVER Bug Workflow v4 [ 2990553 ] |
| Workflow | Original: JAC Bug Workflow v2 [ 2783256 ] | New: JAC Bug Workflow v3 [ 2881917 ] |
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
| Workflow | Original: JAC Bug Workflow [ 2708754 ] | New: JAC Bug Workflow v2 [ 2783256 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2373593 ] | New: JAC Bug Workflow [ 2708754 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2258675 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2373593 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2209650 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2258675 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2155405 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2209650 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1910864 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2155405 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v3 [ 1718208 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 1910864 ] |
| Workflow | Original: CONF Bug Subtask WF (TEMP) [ 1669794 ] | New: Confluence Workflow - Public Facing - Restricted v3 [ 1718208 ] |