New and Improved 3.13 Beta. Highlights: Shareable filters and dashboards and lots of other goodies. Any feedback can be raised as JIRA issues in the JIRA project.
Issue Details (XML | Word | Printable)

Key: CONF-8952
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Critical Critical
Assignee: Unassigned
Reporter: Gergely Hodicska
Votes: 2
Watchers: 2
Operations

If you were logged in you would be able to see more operations.
Confluence

XSS vulnerability in app/pages/listpages-alphaview.action

Created: 19/Jul/07 07:56 AM   Updated: 09/Aug/07 09:53 PM
Component/s: Pages, Security
Affects Version/s: 2.5.4
Fix Version/s: 2.5.6

Time Tracking:
Not Specified

Environment: Standalone
Issue Links:
Cloners
 

Participants: Gergely Hodicska and Samuel Le Berrigaud [Atlassian]
Since last comment: 1 year, 4 weeks, 6 days ago
Resolution Date: 25/Jul/07 09:59 PM
Labels:


 Description  « Hide
Description:
XSS via the "startsWith" field in pages/listpages-alphaview.action.

Exploit:

http://app/pages/listpages-alphaview.action?key=&startsWith=xss:<script>alert(document.cookie)</script>

 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Samuel Le Berrigaud [Atlassian] added a comment - 25/Jul/07 09:59 PM
Make sure that the startWith parameter is a letter. Default to 'a' if not.


Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13_beta1-#328) - Bug/feature request - Atlassian news - Contact Administrators