Reflected XSS Vulnerability in the Feed Builder

XMLWordPrintable

      Input in the Feed Builder is not properly handled.

      Insert: 

      "><<script>alert('Gotcha!')</script>

      as the feed name (title) and you get url like this:

      http://confluence.atlassian.com/dashboard/doconfigurerssfeed.action?types=page&types=blogpost&types=mail&types=comment&types=attachment&sort=modified&showContent=true&showDiff=true&spaces=conf_global&labelString=&rssType=atom&maxResults=10&timeSpan=5&publicFeed=true&title=%22%3E%3C%3Cscript%3Ealert%28%27Gotcha%21%27%29%3C%2Fscript%3E

      Suggested fix: Escape output of title in

      <link rel="alternate" type="application/atom+xml" title="" href=""/>

      in the 

      /dashboard/doconfigurerssfeed.action

      view

            Assignee:
            Samuel Le Berrigaud
            Reporter:
            DavidA
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: