[CONFSERVER-20964] XSS vulnerability in Tasklist macro - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 3.4
Affects Version/s: None
Component/s: None
Labels:
- editor
- macros-dynamic-tasklist

Bug Fix Policy:
View Atlassian Server bug fix policy

We have identified and fixed a cross-site scripting (XSS) vulnerability in the Confluence Tasklist macro.

An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server.
An attacker's text and script might be displayed to other people viewing the Confluence page. This is potentially damaging to your company's reputation.

This issue is reported in our security advisory on this page:
http://confluence.atlassian.com/x/mgtgDQ

You can read more about XSS attacks at cgisecurity, CERT and other places on the web:

Assignee:: Unassigned

Reporter:: SarahA

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 05/Oct/2010 5:43 AM

Updated:: 11/Oct/2018 8:48 AM

Resolved:: 05/Oct/2010 5:44 AM