[CONFSERVER-8950] XSS vulnerability in app/spaces/listattachmentforspace.action

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 2.5.6, 2.6.0
Affects Version/s: 2.5.4
Component/s: None
Labels:
- affects-server
- editor
- security
- spaces
Environment:

Standalone

Bug Fix Policy:
View Atlassian Server bug fix policy

Description:
XSS via the "Filter By File Extension" field in app/spaces/listattachmentforspace.action.

Exploit:
blah"><script>alert(document.cookie)</script><x x="

was cloned as

CONFSERVER-8952 XSS vulnerability in app/pages/listpages-alphaview.action

Closed

Katherine Yabut made changes - 13/Nov/2018 4:46 AM

Workflow

Original: JAC Bug Workflow v3 [ 2902734 ]

New: CONFSERVER Bug Workflow v4 [ 2997386 ]

Owen made changes - 11/Oct/2018 9:09 AM

Workflow	Original: JAC Bug Workflow v2 [ 2800395 ]	New: JAC Bug Workflow v3 [ 2902734 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 29/Aug/2018 11:18 PM

Workflow

Original: JAC Bug Workflow [ 2734022 ]

New: JAC Bug Workflow v2 [ 2800395 ]

Owen made changes - 02/Jul/2018 7:09 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2399428 ]

New: JAC Bug Workflow [ 2734022 ]

Katherine Yabut made changes - 22/Jun/2017 6:53 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 [ 2297985 ]

New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2399428 ]

Katherine Yabut made changes - 31/May/2017 5:39 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2233066 ]

New: Confluence Workflow - Public Facing - Restricted v5 [ 2297985 ]

Katherine Yabut made changes - 31/May/2017 5:00 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2193825 ]

New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2233066 ]

Katherine Yabut made changes - 31/May/2017 2:05 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 [ 1927648 ]

New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2193825 ]

Katherine Yabut made changes - 03/Apr/2017 3:58 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v3 [ 1728809 ]

New: Confluence Workflow - Public Facing - Restricted v5 [ 1927648 ]

Katherine Yabut made changes - 28/Feb/2017 6:34 AM

Workflow

Original: CONF Bug Subtask WF (TEMP) [ 1686116 ]

New: Confluence Workflow - Public Facing - Restricted v3 [ 1728809 ]

Assignee:: Samuel Le Berrigaud

Reporter:: Gergely Hodicska

Affected customers:: 2 This affects my team

Watchers:: 1 Start watching this issue

Created:: 19/Jul/2007 12:41 PM

Updated:: 11/Oct/2018 9:09 AM

Resolved:: 26/Jul/2007 8:21 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates