XSS vulnerability in social bookmarking plugin bundled in Confluence

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • 2.7.3
    • Affects Version/s: 2.6.2, 2.7.2
    • Component/s: None

      The social bookmarking plugin is bundled in Confluence 2.7.x and Confluence 2.6.x. As such this vulnerability affects all 2.7.x and 2.6.x instances (even if you do not use the plugin or do not have the Add Bookmark Web Item enabled).

      The updatebookmark.action URL is vulnerable on these parameters:

      • bookmarkPageId
      • redirect
      • labelsString

      The JIRA issue created in the developer.atlassian.com project for this plugin can be found here: http://developer.atlassian.com/jira/browse/MARK-60.

        1. socialbookmarking-1.0.6-patched.jar
          59 kB
        2. socialbookmarking-1.1.1.jar
          61 kB

            Assignee:
            dave (Inactive)
            Reporter:
            dave (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: