Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-15376

Gallery Macro XSS

XMLWordPrintable

      The title of the gallery can be used as an XSS vector:
      https://qa-eac.atlassian.com/confluence/display/~pdzwart/Gallery+Macro+XSS+Test

          Form Name

            [CONFSERVER-15376] Gallery Macro XSS

            CharlesA added a comment -

            To fix this issue in version 2.9.x of Confluence you will need to upgrade to version 1.4.2.2 of the Confluence Advanced Macros. The JAR file can be downloaded directly from here or you can upgrade using the Atlassian Plugin Repository client built into Confluence.

            CharlesA added a comment - To fix this issue in version 2.9.x of Confluence you will need to upgrade to version 1.4.2.2 of the Confluence Advanced Macros . The JAR file can be downloaded directly from here or you can upgrade using the Atlassian Plugin Repository client built into Confluence.

            Paul Curren added a comment -

            To fix this issue in version 2.10.x of Confluence you will need to upgrade to version 1.5.3.4 of the Confluence Advanced Macros. The JAR file can be downloaded directly from here or you can upgrade using the Atlassian Plugin Repository client built into Confluence.

            Paul Curren added a comment - To fix this issue in version 2.10.x of Confluence you will need to upgrade to version 1.5.3.4 of the Confluence Advanced Macros . The JAR file can be downloaded directly from here or you can upgrade using the Atlassian Plugin Repository client built into Confluence.

            Paul Curren added a comment -

            This is actually fixed in 1.6.2.2 of the advanced macros which is already in Confluence.

            Paul Curren added a comment - This is actually fixed in 1.6.2.2 of the advanced macros which is already in Confluence.

            Paul Curren added a comment -

            This has been resolved in the gallery macro: http://developer.atlassian.com/jira/browse/ADVMACROS-107

            We need to upgrade the version bundled with Confluence once a fix is released. I will coordinate this with David Chui.

            Paul Curren added a comment - This has been resolved in the gallery macro: http://developer.atlassian.com/jira/browse/ADVMACROS-107 We need to upgrade the version bundled with Confluence once a fix is released. I will coordinate this with David Chui.

            Per Fragemann [Atlassian] added a comment -

            Not a 3.0 specific bug, so removing the affects-version. Still needs to be fixed in 3.0 though

            Per Fragemann [Atlassian] added a comment - Not a 3.0 specific bug, so removing the affects-version. Still needs to be fixed in 3.0 though

            Per Fragemann [Atlassian] added a comment -

            More fun work

            Per Fragemann [Atlassian] added a comment - More fun work

            Per Fragemann [Atlassian] added a comment -

            Nice work Peter. Love the video too.

            We need to fix this asap.

            Per Fragemann [Atlassian] added a comment - Nice work Peter. Love the video too. We need to fix this asap.

              pcurren Paul Curren
              pdzwart PdZ (Inactive)
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: