Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-22479

XSS vulnerability in doeditmysettings.action

XMLWordPrintable

      This vulnerability affects all versions from 3.5 and above.

      We have identified and fixed a cross-site scripting (XSS) vulnerability in the Confluence settings editing action.

      XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:

      This issue is reported in our security advisory on this page:
      https://confluence.atlassian.com/x/aAI5Dg

        1. CONF-22479_patch.zip
          105 kB
          VitalyA

            [CONFSERVER-22479] XSS vulnerability in doeditmysettings.action

            Katherine Yabut made changes -
            Workflow Original: JAC Bug Workflow v3 [ 2886009 ] New: CONFSERVER Bug Workflow v4 [ 2979443 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow v2 [ 2792715 ] New: JAC Bug Workflow v3 [ 2886009 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow [ 2722592 ] New: JAC Bug Workflow v2 [ 2792715 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2385783 ] New: JAC Bug Workflow [ 2722592 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 2282055 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2385783 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2222945 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 2282055 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2172809 ] New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2222945 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 1935391 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2172809 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v3 [ 1734793 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 1935391 ]
            Katherine Yabut made changes -
            Workflow Original: CONF Bug Subtask WF (TEMP) [ 1693546 ] New: Confluence Workflow - Public Facing - Restricted v3 [ 1734793 ]

              vosipov VitalyA
              pwatson paulwatson (Inactive)
              Affected customers:
              0 This affects my team
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: