Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-16209

XSS in PDF screen

XMLWordPrintable

      The "PDF Export Stylesheet" field is not encoded.

        1. confluence-flyingpdf-plugin-1.0.1.jar
          3.82 MB

            [CONFSERVER-16209] XSS in PDF screen

            Per Fragemann [Atlassian] added a comment -

            For consistency, this should only show up in 3.0.1

            Per Fragemann [Atlassian] added a comment - For consistency, this should only show up in 3.0.1

            Giles Gaskell [Atlassian] added a comment -

            The patch fix this vulnerability in Confluence version 3.0.0.

            Giles Gaskell [Atlassian] added a comment - The patch fix this vulnerability in Confluence version 3.0.0.

            Brian Nguyen (Inactive) added a comment -

            Attached is the fixed version of the pdf plugin

            Brian Nguyen (Inactive) added a comment - Attached is the fixed version of the pdf plugin

            Anatoli added a comment -

            Chris,

            are you going to release the plugin and commit the new version into branch?

            Anatoli added a comment - Chris, are you going to release the plugin and commit the new version into branch?

            Chris Broadfoot [Atlassian] added a comment -

            Committed. The plugin needs to be released and Confluence upgraded.

            Chris Broadfoot [Atlassian] added a comment - Committed. The plugin needs to be released and Confluence upgraded.

              bnguyen Brian Nguyen (Inactive)
              cbroadfoot Chris Broadfoot [Atlassian]
              Affected customers:
              0 This affects my team
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: