[CONFSERVER-16651] XSS vulnerability can be exploited with the pagetree macro - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 3.0.2, 3.1-m3
Affects Version/s: 3.0
Component/s: None
Labels:
- affects-server
- editor
- qa-manual
- security
- xss

Bug Fix Policy:
View Atlassian Server bug fix policy

Use the following markup:

{pagetree:root=<script>alert('12')</script>}

Whenever the page is viewed, the script will be executed.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

pagetree-1.12.jar
28 kB
12/Oct/2009 5:52 AM

Assignee:: Unassigned

Reporter:: Mark Hrynczak (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 18/Aug/2009 1:18 AM

Updated:: 11/Oct/2018 8:56 AM

Resolved:: 09/Sep/2009 5:39 AM