After listening to Chris' security talk yesterday, I played around with areas of Confluence I am familiar with and I found a vulnerability in the attachments macro. You can create an attachment name with <script> tags and run script on a page that displays the attachment macro. The Attachments screen doesn't have this vulnerability.
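An added illustration, not Atlassian's code and not the real macro implementation: a minimal attachment-list renderer that shows the unescaped filename rendering the report describes beside an output-encoded version, plus an audit helper for flagging existing attachment names that contain markup. The attachment names, sizes and download path are constructed for the example.

```python
import html
import re
from dataclasses import dataclass
from urllib.parse import quote


@dataclass
class Attachment:
    filename: str
    size_bytes: int


# Constructed sample data: the second attachment carries markup in its name,
# mirroring the report (a <script> tag placed in an attachment name).
SAMPLE_ATTACHMENTS = [
    Attachment("design-notes.pdf", 20480),
    Attachment("quarterly<script>void(0)</script>.xlsx", 1024),
]


def render_attachments_unsafe(attachments):
    """The defect pattern: the filename is concatenated into HTML as-is,
    so markup in the name becomes live markup on the rendered page."""
    rows = [f'<li><a href="/download/{a.filename}">{a.filename}</a></li>'
            for a in attachments]
    return "<ul>" + "".join(rows) + "</ul>"


def render_attachments_safe(attachments):
    """Hardened form: the name is HTML-escaped where it is shown as text and
    percent-encoded where it is used as a URL path segment, so the browser
    sees the filename as data rather than as tags or a broken attribute."""
    rows = []
    for a in attachments:
        href = "/download/" + quote(a.filename, safe="")
        rows.append(f'<li><a href="{html.escape(href, quote=True)}">'
                    f'{html.escape(a.filename)}</a></li>')
    return "<ul>" + "".join(rows) + "</ul>"


# Anything that looks like the start of an HTML tag: "<", optional "/", a letter.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z]")


def find_suspicious_names(attachments):
    """Audit helper for already-stored attachments: returns the names that
    contain tag-like markup so they can be reviewed or renamed."""
    return [a.filename for a in attachments if MARKUP_RE.search(a.filename)]
```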

[CONFSERVER-13713] Attachments macro has XSS vulnerability

Owen made changes -
Workflow Original: JAC Bug Workflow v2 [ 2797745 ] New: JAC Bug Workflow v3 [ 2891698 ]
Status Original: Resolved [ 5 ] New: Closed [ 6 ]
