[CONFSERVER-11985] XSS vulnerability in create/edit/copy page and blogpost actions

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 2.8.2
Affects Version/s: 2.8
Component/s: None
Labels:
- affects-server
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

The following create/edit page URL's are vulnerable:

/pages/createpage.action
/pages/docreatepage.action
/pages/editpage.action
/pages/doeditepage.action

on parentPageString

Example of a maliciously crafted path:
/pages/doeditpage.action?pageId=12345&parentPageString=Home%22%3e%3cscript%3ealert("XSS")%3c%2fscript%3e

where 12345 is a valid page id.

Patch instructions for 2.8.x

1. Shut down Confluence
2. Copy attached content-editor.vm to confluence/template/custom
3. Start up Confluence

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

content-editor.vm
9 kB
02/Jun/2008 1:43 AM

is a regression of

CONFSERVER-11027 XSS vulnerabilities in create/edit/copy page and blogpost actions

Closed

Don Willis added a comment - 02/Jun/2008 2:38 AM

Note that on pre 2.8 versions of Confluence, this is fixed by the page-location-form.vm attached to ~~CONF-11027~~, and is fixed in 2.7.3

Don Willis added a comment - 02/Jun/2008 2:38 AM Note that on pre 2.8 versions of Confluence, this is fixed by the page-location-form.vm attached to CONF-11027 , and is fixed in 2.7.3

Assignee:: Don Willis

Reporter:: James Rinker

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 30/May/2008 1:45 PM

Updated:: 11/Oct/2018 9:04 AM

Resolved:: 02/Jun/2008 5:23 AM

Details

Description

Patch instructions for 2.8.x

Attachments

Attachments

Issue Links

Forms

Activity

Collapse comment: Don Willis added a comment - 02/Jun/2008 2:38 AM

Expand comment: Don Willis added a comment - 02/Jun/2008 2:38 AM

People

Dates