-
Bug
-
Resolution: Fixed
-
High
-
2.5.4
-
None
-
Standalone
Description:
Stored XSS via page app/themes/leftnavigation/configuretheme.action?key=~<USERNAME>
Exploit:
Example value in the Naviagtion Page field: "><script>aletr(document.cookie)</script><x x="
[CONFSERVER-8956] stored XSS vulnerability in app/themes/leftnavigation/configuretheme.action
| Workflow | Original: JAC Bug Workflow v3 [ 2891304 ] | New: CONFSERVER Bug Workflow v4 [ 2983412 ] |
| Workflow | Original: JAC Bug Workflow v2 [ 2781015 ] | New: JAC Bug Workflow v3 [ 2891304 ] |
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
| Workflow | Original: JAC Bug Workflow [ 2711561 ] | New: JAC Bug Workflow v2 [ 2781015 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2376994 ] | New: JAC Bug Workflow [ 2711561 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2265047 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2376994 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2213670 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2265047 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2162684 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2213670 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1918984 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2162684 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v3 [ 1723405 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 1918984 ] |
| Workflow | Original: CONF Bug Subtask WF (TEMP) [ 1677471 ] | New: Confluence Workflow - Public Facing - Restricted v3 [ 1723405 ] |
