[CONFSERVER-17165] Links from indexbrowser.jsp are vulnerable to XSS attacks

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 3.1-m7
Affects Version/s: 2.5
Component/s: Search - Core
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

~~CONF-16888~~ has introduced or re-introduced an XSS vulnerability.

To reproduce:

Create a new user, and for the Full Name use:
```
<script>alert('Vulnerable')</script>
```
Go to ../admin/indexbrowser.jsp and find the entry
Click on the entry, and the script is executed.

This also happens for other content types.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

viewdocument.jsp
26/Nov/2009 12:38 AM
2 kB
Anatoli

is caused by

CONFSERVER-16888 indexbrowser.jsp displays documents but links to details display nothing

Closed

Katherine Yabut made changes - 13/Nov/2018 4:43 AM

Workflow

Original: JAC Bug Workflow v3 [ 2894414 ]

New: CONFSERVER Bug Workflow v4 [ 2986997 ]

Owen made changes - 11/Oct/2018 9:00 AM

Workflow	Original: JAC Bug Workflow v2 [ 2778810 ]	New: JAC Bug Workflow v3 [ 2894414 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 29/Aug/2018 11:12 PM

Workflow

Original: JAC Bug Workflow [ 2718581 ]

New: JAC Bug Workflow v2 [ 2778810 ]

Owen made changes - 02/Jul/2018 6:54 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2382690 ]

New: JAC Bug Workflow [ 2718581 ]

Katherine Yabut made changes - 22/Jun/2017 6:48 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 [ 2275713 ]

New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2382690 ]

Katherine Yabut made changes - 31/May/2017 5:33 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2218329 ]

New: Confluence Workflow - Public Facing - Restricted v5 [ 2275713 ]

Katherine Yabut made changes - 31/May/2017 4:56 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2172291 ]

New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2218329 ]

Katherine Yabut made changes - 31/May/2017 1:59 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 [ 1934262 ]

New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2172291 ]

Katherine Yabut made changes - 03/Apr/2017 4:00 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v3 [ 1733817 ]

New: Confluence Workflow - Public Facing - Restricted v5 [ 1934262 ]

Katherine Yabut made changes - 28/Feb/2017 6:35 AM

Workflow

Original: CONF Bug Subtask WF (TEMP) [ 1692349 ]

New: Confluence Workflow - Public Facing - Restricted v3 [ 1733817 ]

Assignee:: Anatoli

Reporter:: Mark Hrynczak (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 09/Oct/2009 1:02 AM

Updated:: 11/Oct/2018 9:00 AM

Resolved:: 29/Nov/2009 11:10 PM

Details

Description

Attachments

Attachments

Issue Links

Forms

Activity

People

Dates