Details
-
Bug
-
Resolution: Fixed
-
Medium
-
2.1.5, 2.2.10, 2.3.3, 2.4.5, 2.5.8, 2.6.2, 2.7.2
-
None
-
Browser: MSIE
Description
As reported at CONF-9559 the spaces/openuserpicker.action and spaces/grouppicker.action display unescaped content that can be entered in the url. This forms an XSS vulnerability.
Attachments
Issue Links
- is related to
-
CONFSERVER-11081 URL not encoded for group browser
- Closed