The bookmarking code under the url

      http://localhost:8080/plugins/socialbookmarking/updatebookmark.action

      is vulnerable to XSS attacks using the spaceKey parameter:

      submitting the following code will execute javascript:

      spaceKey=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%22%3E

      IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the
      vulnerability to publicly available security forums such as CERT (www.cert.org). Our policy is to give
      you at least 30 days grace period prior to any public disclosure.

        1. header.vm
          2 kB
          Brian Nguyen

              bnguyen Brian Nguyen (Inactive)
              9454181e1678 Thomas Jaehnel
              Affected customers:
              0 This affects my team
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: