Issue Details (XML | Word | Printable)

Key: CONF-8980
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Critical Critical
Assignee: Unassigned
Reporter: Gergely Hodicska
Votes: 1
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Confluence

XSS vulnerability at "Edit Space Permissions"

Created: 23/Jul/07 06:52 AM   Updated: 07/Aug/07 08:46 PM
Component/s: Security
Affects Version/s: 2.5.4
Fix Version/s: 2.5.6, 2.6.0

Time Tracking:
Not Specified

Environment: Standalone

Participants: Gergely Hodicska and Samuel Le Berrigaud [Atlassian]
Since last comment: 1 year, 11 weeks, 4 days ago
Resolution Date: 24/Jul/07 03:02 AM
Labels:


 Description  « Hide
Description:
XSS vulnerability at "Edit Space Permissions" page

Exploit:
Write to the "Grant permission to" field: "<script>alert(document.cookie)</script>"

 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Samuel Le Berrigaud [Atlassian] added a comment - 24/Jul/07 03:02 AM
Encoded user and group names in error message.


Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13-#330) - Bug/feature request - Atlassian news - Contact Administrators