[CONFSERVER-8993] Reflected XSS Vulnerability in the Feed Builder - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 2.5.6, 2.6.0
Affects Version/s: 2.5.4
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Input in the Feed Builder is not properly handled.

Insert:

"><<script>alert('Gotcha!')</script>

as the feed name (title) and you get url like this:

http://confluence.atlassian.com/dashboard/doconfigurerssfeed.action?types=page&types=blogpost&types=mail&types=comment&types=attachment&sort=modified&showContent=true&showDiff=true&spaces=conf_global&labelString=&rssType=atom&maxResults=10&timeSpan=5&publicFeed=true&title=%22%3E%3C%3Cscript%3Ealert%28%27Gotcha%21%27%29%3C%2Fscript%3E

Suggested fix: Escape output of title in

<link rel="alternate" type="application/atom+xml" title="" href=""/>

in the

/dashboard/doconfigurerssfeed.action

view

relates to

CONFSERVER-30240 XSS in doconfigurerssfeed.action

Closed

Assignee:: Samuel Le Berrigaud

Reporter:: DavidA

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 24/Jul/2007 7:51 AM

Updated:: 11/Oct/2018 9:06 AM

Resolved:: 26/Jul/2007 8:22 AM