Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-16136

XSS vulnerability can be exploited on the WebDAV Configuration page

XMLWordPrintable

      Steps:

      1. Go to WebDAV Configuration
      2. Enter '<script>alert("XSS")</script>'
      3. Click on 'Add new regex' button

      The script will be executed. It will continue to be executed whenever a user clicks on the 'Save' button.

      This can be done by users in the confluence-admin group, so it could be used by them to gain access to sys-admin actions.

            [CONFSERVER-16136] XSS vulnerability can be exploited on the WebDAV Configuration page

            Katherine Yabut made changes -
            Workflow Original: JAC Bug Workflow v3 [ 2896217 ] New: CONFSERVER Bug Workflow v4 [ 2988846 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow v2 [ 2787325 ] New: JAC Bug Workflow v3 [ 2896217 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow [ 2718169 ] New: JAC Bug Workflow v2 [ 2787325 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2380001 ] New: JAC Bug Workflow [ 2718169 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 2270934 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2380001 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2216104 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 2270934 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2167620 ] New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2216104 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 1925982 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2167620 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v3 [ 1727903 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 1925982 ]
            Katherine Yabut made changes -
            Workflow Original: CONF Bug Subtask WF (TEMP) [ 1684358 ] New: Confluence Workflow - Public Facing - Restricted v3 [ 1727903 ]

              dtaylor David Taylor (Inactive)
              mhrynczak Mark Hrynczak (Inactive)
              Affected customers:
              0 This affects my team
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: