Use the following markup:
{pagetree:root=<script>alert('12')</script>}
Whenever the page is viewed, the script will be executed.
[CONFSERVER-16651] XSS vulnerability can be exploited with the pagetree macro
Workflow | Original: JAC Bug Workflow v3 [ 2890747 ] | New: CONFSERVER Bug Workflow v4 [ 3000862 ] |
Workflow | Original: JAC Bug Workflow v2 [ 2777608 ] | New: JAC Bug Workflow v3 [ 2890747 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
Workflow | Original: JAC Bug Workflow [ 2715394 ] | New: JAC Bug Workflow v2 [ 2777608 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2381385 ] | New: JAC Bug Workflow [ 2715394 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2273465 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2381385 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2217106 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2273465 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2169826 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2217106 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1930123 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2169826 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v3 [ 1730551 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 1930123 ] |
Workflow | Original: CONF Bug Subtask WF (TEMP) [ 1688568 ] | New: Confluence Workflow - Public Facing - Restricted v3 [ 1730551 ] |