Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-15402

XSS vulnerability can be exploited with the viewppt macro

    XMLWordPrintable

Details

    Description

      Upload a file test.ppt

      Use markup:

      {viewppt:test.ppt|height=<script>alert("xss")</script>|width=<script>alert("xss")</script>}

      The scripts will be executed when the page is loaded.

      Attachments

        Activity

          People

            mjensen m@ (Inactive)
            mhrynczak Mark Hrynczak (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: