• Type: Bug
• Resolution: Fixed
• Priority: Highest
• Fix Version/s: 3.0.2, 3.1-m3
• Affects Version/s: 3.0
• Component/s: None
• Labels:

  • affects-server
  • editor
  • qa-manual
  • security
  • xss

[CONFSERVER-16644] XSS vulnerability can be exploited with the Userlister macro

Collapse comment: David Taylor (Inactive) added a comment - 17/Sep/2009 5:43 AM

David Taylor (Inactive) added a comment - 17/Sep/2009 5:43 AM

I have tested version 2.4.3 on 2.10.3 and 3.0.1 and it works correctly. Anyone on 2.10.x or 3.0.x should be able to upgrade the plugin to fix this issue.

Expand comment: David Taylor (Inactive) added a comment - 17/Sep/2009 5:43 AM

David Taylor (Inactive) added a comment - 17/Sep/2009 5:43 AM I have tested version 2.4.3 on 2.10.3 and 3.0.1 and it works correctly. Anyone on 2.10.x or 3.0.x should be able to upgrade the plugin to fix this issue.

Collapse comment: Anatoli added a comment - 26/Aug/2009 5:18 AM

Anatoli added a comment - 26/Aug/2009 5:18 AM

To fix the problem please upgrade to version 2.4.3 of the userlister plugin.

Expand comment: Anatoli added a comment - 26/Aug/2009 5:18 AM

Anatoli added a comment - 26/Aug/2009 5:18 AM To fix the problem please upgrade to version 2.4.3 of the userlister plugin.

Collapse comment: Ryan Ericson [Atlassian] added a comment - 26/Aug/2009 3:44 AM

Ryan Ericson [Atlassian] added a comment - 26/Aug/2009 3:44 AM

The corresponding issue in plugin project: http://developer.atlassian.com/jira/browse/USERLISTER-11

Expand comment: Ryan Ericson [Atlassian] added a comment - 26/Aug/2009 3:44 AM

Ryan Ericson [Atlassian] added a comment - 26/Aug/2009 3:44 AM The corresponding issue in plugin project: http://developer.atlassian.com/jira/browse/USERLISTER-11