• Bug
    • Resolution: Fixed
    • High
    • 2.5.6
    • 2.5.4
    • None
    • Standalone

      Description:
      XSS via the "startsWith" field in pages/listpages-alphaview.action.

      Exploit:

      http://app/pages/listpages-alphaview.action?key=&startsWith=xss:<script>alert(document.cookie)</script>
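A defender-side check for the endpoint and parameter named in this report, added here as an example and not part of the original issue or of the vendor's fix: it scans access-log lines for `startsWith` values that decode, through one or more layers of percent-encoding, to HTML metacharacters. The combined-log-style format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/pages/listpages-alphaview.action"  # endpoint named in the report
PARAM = "startsWith"                            # parameter named in the report
# The alphabetical view only needs a letter here, so any HTML metacharacter
# in the decoded value is worth a look.
MARKUP = re.compile(r"[<>\"'`]")
# Assumption: combined-log-style lines with a quoted request line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /pages/listpages-alphaview.action?key=DOC&startsWith=A HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /pages/listpages-alphaview.action?key=&startsWith=xss:%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5300',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /pages/listpages-alphaview.action?key=DOC&startsWith=%253Cb%253E HTTP/1.1" 200 5200',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /dashboard.action?q=%3Cb%3E HTTP/1.1" 200 900',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (for example %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_values(log_line):
    """Return decoded startsWith values in this line that contain markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith(ENDPOINT):  # also matches behind a context path
        return []
    raw = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in map(fully_decode, raw) if MARKUP.search(v)]

def scan(lines):
    """Return (line_index, values) for every line with a suspicious value."""
    hits = []
    for i, line in enumerate(lines):
        values = suspicious_values(line)
        if values:
            hits.append((i, values))
    return hits

if __name__ == "__main__":
    for index, values in scan(SAMPLE_LOG):
        print(index, values)
```

Hits on a version that still has the bug mean the value was reflected into the page unencoded; on a fixed version they only indicate probing.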

            [CONFSERVER-8952] XSS vulnerability in app/pages/listpages-alphaview.action

            Owen made changes -
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]

              Unassigned
              Gergely Hodicska