[CONFSERVER-16644] XSS vulnerability can be exploited with the Userlister macro - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 3.0.2, 3.1-m3
Affects Version/s: 3.0
Component/s: None
Labels:
- affects-server
- editor
- qa-manual
- security
- xss

Bug Fix Policy:
View Atlassian Server bug fix policy

Use the following markup:

{userlister:groups=<script>alert('Vulerable')</script>}

Whenever the page is viewed, the script will be executed.

Assignee:: Unassigned

Reporter:: Mark Hrynczak (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 17/Aug/2009 1:13 AM

Updated:: 11/Oct/2018 8:47 AM

Resolved:: 09/Sep/2009 5:40 AM