[CONFSERVER-12944] XSS in site search action - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.9.2
Affects Version/s: 2.9
Component/s: None
Labels:
- affects-server
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

http://confluence.atlassian.com/dosearchsite.action?where=conf_all&queryString=%3Cscript%3Ealert('foo');%3C/script%3E

queryString needs to be escaped.

This problem is fixed if they turn on Anti-XSS mode. We still need to fix this as anti-xss is not on by default.

Assignee:: Chris Broadfoot [Atlassian]

Reporter:: dave (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 04/Sep/2008 1:18 AM

Updated:: 11/Oct/2018 8:39 AM

Resolved:: 04/Sep/2008 8:27 AM