
Key: CONF-8950
Type: Bug
Status: Resolved
Resolution: Fixed
Priority: Critical
Assignee: Samuel Le Berrigaud [Atlassian]
Reporter: Gergely Hodicska
Votes: 2
Watchers: 1
Confluence

XSS vulnerability in app/spaces/listattachmentforspace.action

Created: 19/Jul/07 07:41 AM   Updated: 07/Aug/07 08:46 PM
Component/s: Attachments, Security, Spaces
Affects Version/s: 2.5.4
Fix Version/s: 2.5.6, 2.6.0

Time Tracking:
Not Specified

Environment: Standalone
Issue Links:
Cloners
 

Participants: Christopher Owen [Atlassian], Gergely Hodicska, Igor Minar and Samuel Le Berrigaud [Atlassian]
Since last comment: 1 year, 11 weeks, 4 days ago
Resolution Date: 26/Jul/07 03:21 AM
Labels:


Description:
XSS via the "Filter By File Extension" field in app/spaces/listattachmentforspace.action.

Exploit:
blah"><script>alert(document.cookie)</script><x x="
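
Added example, not part of the report and not Confluence's own code: the string above placed into a quoted HTML attribute with and without output encoding, showing why it closes the attribute and how encoding keeps it as data. The field name fileExtension and the input markup are assumptions, since the page does not show the affected template.

```java
public class FilterFieldEncoding {
    // Hypothetical field name; the real parameter name is not given on the page.
    static final String FIELD = "fileExtension";

    // Vulnerable pattern: the request value is concatenated into a quoted attribute.
    static String renderUnescaped(String value) {
        return "<input type=\"text\" name=\"" + FIELD + "\" value=\"" + value + "\">";
    }

    // Encode the characters that can end the attribute or start new markup.
    static String escapeHtmlAttribute(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Hardened pattern: same markup, value encoded for the attribute context.
    static String renderEscaped(String value) {
        return "<input type=\"text\" name=\"" + FIELD + "\" value=\""
                + escapeHtmlAttribute(value) + "\">";
    }

    public static void main(String[] args) {
        // Test string quoted in the report above.
        String reported = "blah\"><script>alert(document.cookie)</script><x x=\"";
        String unsafe = renderUnescaped(reported);
        String inner = escapeHtmlAttribute(reported);
        System.out.println("unescaped: " + unsafe);
        System.out.println("escaped:   " + renderEscaped(reported));
        // Unescaped output carries a live script element outside the attribute.
        if (!unsafe.contains("\"><script>"))
            throw new AssertionError("expected attribute breakout in unescaped form");
        // Encoded value contributes no quote or angle bracket to the page.
        if (inner.indexOf('"') >= 0 || inner.indexOf('<') >= 0 || inner.indexOf('>') >= 0)
            throw new AssertionError("encoded value still contains markup characters");
    }
}
```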



Christopher Owen [Atlassian] added a comment - 23/Jul/07 02:07 AM
Thanks for reporting these.

Atlassian prioritises security related issues and as such will be addressing them as part of the 2.5.6 release. These releases happen on a 1-2 week basis.


Igor Minar added a comment - 23/Jul/07 02:14 AM
Hi Christopher,

What is the ETA for 2.5.6? I'm surprised to see that critical issues like these are left unpatched for weeks.


Gergely Hodicska added a comment - 23/Jul/07 03:21 AM
Hi Christopher,

I agree with Igor: a few weeks seems a little too much to fix these bugs. I am not familiar with developing in Java, but this is only a small escaping/filtering issue.
In an enterprise environment these bugs can be very easily exploited, because people rely on each other.