New and Improved 3.13 Beta. Highlights: Shareable filters and dashboards and lots of other goodies. Any feedback can be raised as JIRA issues in the JIRA project.
Issue Details (XML | Word | Printable)

Key: CONF-8993
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Critical Critical
Assignee: Samuel Le Berrigaud [Atlassian]
Reporter: David Chui [Atlassian]
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Confluence

Reflected XSS Vulnerability in the Feed Builder

Created: 24/Jul/07 02:51 AM   Updated: 07/Aug/07 08:46 PM
Component/s: RSS / Atom feeds, Security
Affects Version/s: 2.5.4
Fix Version/s: 2.5.6, 2.6.0

Time Tracking:
Not Specified

Participants: David Chui [Atlassian] and Samuel Le Berrigaud [Atlassian]
Since last comment: 1 year, 5 weeks, 2 days ago
Resolution Date: 26/Jul/07 03:22 AM
Labels:


 Description  « Hide

Input in the Feed Builder is not properly handled.

Insert: 

"><<script>alert('Gotcha!')</script>

as the feed name (title) and you get url like this:

http://confluence.atlassian.com/dashboard/doconfigurerssfeed.action?types=page&types=blogpost&types=mail&types=comment&types=attachment&sort=modified&showContent=true&showDiff=true&spaces=conf_global&labelString=&rssType=atom&maxResults=10&timeSpan=5&publicFeed=true&title=%22%3E%3C%3Cscript%3Ealert%28%27Gotcha%21%27%29%3C%2Fscript%3E

Suggested fix: Escape output of title in

<link rel="alternate" type="application/atom+xml" title="" href=""/>
in the 
/dashboard/doconfigurerssfeed.action
view

 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
There are no comments yet on this issue.

Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13_beta1-#328) - Bug/feature request - Atlassian news - Contact Administrators