Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-16651

XSS vulnerability can be exploited with the pagetree macro

      Use the following markup:

      {pagetree:root=<script>alert('12')</script>}

      Whenever the page is viewed, the script will be executed.

        1. pagetree-1.12.jar
          28 kB
          Michael S

            [CONFSERVER-16651] XSS vulnerability can be exploited with the pagetree macro

            Katherine Yabut made changes -
            Workflow Original: JAC Bug Workflow v3 [ 2890747 ] New: CONFSERVER Bug Workflow v4 [ 3000862 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow v2 [ 2777608 ] New: JAC Bug Workflow v3 [ 2890747 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow [ 2715394 ] New: JAC Bug Workflow v2 [ 2777608 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2381385 ] New: JAC Bug Workflow [ 2715394 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 2273465 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2381385 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2217106 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 2273465 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2169826 ] New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2217106 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 1930123 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2169826 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v3 [ 1730551 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 1930123 ]
            Katherine Yabut made changes -
            Workflow Original: CONF Bug Subtask WF (TEMP) [ 1688568 ] New: Confluence Workflow - Public Facing - Restricted v3 [ 1730551 ]

              Unassigned Unassigned
              mhrynczak Mark Hrynczak (Inactive)
              Affected customers:
              0 This affects my team
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: