
XSS vulnerability can be exploited with the Userlister macro

      Use the following markup:

      {userlister:groups=<script>alert('Vulerable')</script>}

      Whenever the page is viewed, the script will be executed.
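The flaw class behind this report, as an added sketch that is not the Userlister plugin's code: a macro parameter copied into the page as-is, next to a renderer that HTML-encodes it at the point of output. The function names, the output HTML and the group-name pattern are assumptions made for illustration.

```python
import html
import re

# Constructed sample: the markup quoted in the report above.
SAMPLE = "{userlister:groups=<script>alert('Vulerable')</script>}"

MACRO_RE = re.compile(r"\{userlister:(?P<params>.*)\}", re.S)
# Assumed policy for this sketch: letters, digits, space, dot, underscore, hyphen.
GROUP_NAME_RE = re.compile(r"[A-Za-z0-9 ._-]{1,64}")


def parse_params(markup):
    """Split {userlister:k=v|k=v} into a dict of raw, untrusted strings."""
    m = MACRO_RE.fullmatch(markup.strip())
    if not m:
        raise ValueError("not a userlister macro")
    params = {}
    for part in m.group("params").split("|"):
        key, _, value = part.partition("=")
        params[key.strip()] = value.strip()
    return params


def render_unescaped(params):
    """Flawed pattern: parameter text is concatenated straight into HTML."""
    groups = params.get("groups", "").split(",")
    return "".join(f"<h3>Group: {g}</h3>" for g in groups)


def render_escaped(params):
    """Hardened pattern: encode every parameter-derived string on output,
    and show names that fail the (assumed) group-name policy as an error."""
    out = []
    for g in (g.strip() for g in params.get("groups", "").split(",")):
        label = html.escape(g, quote=True)  # encodes < > & " '
        if GROUP_NAME_RE.fullmatch(g):
            out.append(f"<h3>Group: {label}</h3>")
        else:
            out.append(f'<p class="error">Unknown group: {label}</p>')
    return "".join(out)


if __name__ == "__main__":
    p = parse_params(SAMPLE)
    print(render_unescaped(p))  # markup reaches the browser as a live tag
    print(render_escaped(p))    # markup is displayed as inert text
```

The encoding step is what neutralises the markup; the name check only decides which message is shown, so it must not be relied on in place of escaping.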

            [CONFSERVER-16644] XSS vulnerability can be exploited with the Userlister macro

            David Taylor (Inactive) added a comment - I have tested version 2.4.3 on 2.10.3 and 3.0.1 and it works correctly. Anyone on 2.10.x or 3.0.x should be able to upgrade the plugin to fix this issue.

            Anatoli added a comment - To fix the problem please upgrade to version 2.4.3 of the userlister plugin.

            Ryan Ericson [Atlassian] added a comment - The corresponding issue in plugin project: http://developer.atlassian.com/jira/browse/USERLISTER-11

              Unassigned Unassigned
              mhrynczak Mark Hrynczak (Inactive)