Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-15883

XSS in concurrent edit notification

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Medium Medium
    • 3.0-rc1
    • 3.0-beta3
    • None

      If a page is being editted by 

      <script>alert('hacked')</script>

      and another user edits it at the same time, they are vulnerable to a potential XSS attack.

        1. page-editor-210-patched.js
          24 kB
        2. page-editor-29-patched.js
          22 kB

            [CONFSERVER-15883] XSS in concurrent edit notification

            Igor Minar added a comment -

            thanks

            Igor Minar added a comment - thanks

            Andrew Lynch (Inactive) added a comment -

            Hi Igor,

            I appear to attached the wrong file to this case. My apologies for that.
            I've uploaded a new version of the file.

            Regards,
            Andrew Lynch

            Andrew Lynch (Inactive) added a comment - Hi Igor, I appear to attached the wrong file to this case. My apologies for that. I've uploaded a new version of the file. Regards, Andrew Lynch

            Igor Minar added a comment -

            I noticed that the attached page-editor-210patched.js is identical as the one distributed with 2.10.3. This suggest that either the js is not patched or that you re-released 2.10.3 sources. Which one is it?

            thanks,
            Igor

            Igor Minar added a comment - I noticed that the attached page-editor-210patched.js is identical as the one distributed with 2.10.3. This suggest that either the js is not patched or that you re-released 2.10.3 sources. Which one is it? thanks, Igor

            Andrew Lynch (Inactive) added a comment -

            I have provided patches compatible with 2.9.2 and 2.10.3.
            These are most likely usable with 2.9.x and 2.10.x, but these versions have not been tested.

            To apply the patch, download the relevant file and rename it to page-editor.js, and copy it to your <installation>/includes/js/page-editor.js.

            No restart is necessary, but you may need to have your client's browsers flush their caches to pick up the updated content.

            Regards,
            Andrew Lynch

            Andrew Lynch (Inactive) added a comment - I have provided patches compatible with 2.9.2 and 2.10.3. These are most likely usable with 2.9.x and 2.10.x, but these versions have not been tested. To apply the patch, download the relevant file and rename it to page-editor.js, and copy it to your <installation>/includes/js/page-editor.js. No restart is necessary, but you may need to have your client's browsers flush their caches to pick up the updated content. Regards, Andrew Lynch

            PdZ (Inactive) added a comment -

            Fantastico!

            PdZ (Inactive) added a comment - Fantastico!

            CharlesA added a comment -

            (Javascript already looked over by Dmitry)

            CharlesA added a comment - (Javascript already looked over by Dmitry)

            CharlesA added a comment -

            Changed the Javascript that generates the warning to use DOM and text() instead of string concatenation and html().

            Couldn't find any func. tests for the concurrent edit warning? But I did test it manually.

            CharlesA added a comment - Changed the Javascript that generates the warning to use DOM and text() instead of string concatenation and html(). Couldn't find any func. tests for the concurrent edit warning? But I did test it manually.

              cmiller CharlesA
              alynch Andrew Lynch (Inactive)
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: