New and Improved 3.13 Beta. Highlights: Shareable filters and dashboards and lots of other goodies. Any feedback can be raised as JIRA issues in the JIRA project.
Issue Details (XML | Word | Printable)

Key: CONF-8956
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Critical Critical
Assignee: Samuel Le Berrigaud [Atlassian]
Reporter: Gergely Hodicska
Votes: 3
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Confluence

stored XSS vulnerability in app/themes/leftnavigation/configuretheme.action

Created: 19/Jul/07 03:31 PM   Updated: 07/Aug/07 08:46 PM
Component/s: Administration, Security
Affects Version/s: 2.5.4
Fix Version/s: 2.5.6, 2.6.0

Time Tracking:
Not Specified

Environment: Standalone

Participants: Gergely Hodicska and Samuel Le Berrigaud [Atlassian]
Since last comment: 1 year, 4 weeks, 4 days ago
Resolution Date: 26/Jul/07 03:20 AM
Labels:


 Description  « Hide
Description:
Stored XSS via page app/themes/leftnavigation/configuretheme.action?key=~<USERNAME>

Exploit:
Example value in the Naviagtion Page field: "><script>aletr(document.cookie)</script><x x="

 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
There are no comments yet on this issue.

Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13_beta1-#328) - Bug/feature request - Atlassian news - Contact Administrators