• Type: Bug
    • Resolution: Fixed
    • Priority: High
    • 2.6.1
    • 2.5.7
    • None
    • Environment: Solaris 10, JDK 1.5.0_12, SunOne WebServer 6.1 SP8

      A cross-site scripting vulnerability exists in the macro used to render the 'printable' link.

      Here is an exploit for the vulnerability that works:

      https://servername/wiki/display/a/2007/09/%22%3E%3Cscript%3Ealert('Watchfire%20XSS%20Test%20Successful')%3C/script%3E

      The bug was found using AppScan.
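      The mechanism behind the exploit URL above, as an added example that is not code from the report or from Confluence: the servlet container URL-decodes the path, so the template that builds the printable link receives a path segment containing `"><script>...</script>`; if that segment is dropped straight into the href attribute, the quote closes the attribute and the `>` closes the tag. The template functions below are hypothetical stand-ins for the real macro, the sample path is constructed from the reported URL, and the fix shown is the standard one of percent-encoding for the URL context and then HTML-escaping for the attribute context.

```python
"""Illustrative reconstruction of the printable-link XSS (not Confluence's own code)."""
import html
from html.parser import HTMLParser
from urllib.parse import quote, unquote

# Constructed from the exploit URL in the report, with the server name removed.
REPORTED_PATH = ("/wiki/display/a/2007/09/%22%3E%3Cscript%3Ealert"
                 "('Watchfire%20XSS%20Test%20Successful')%3C/script%3E")


def decoded_request_path(encoded_path: str) -> str:
    """The path as the template sees it: the container has already URL-decoded it."""
    return unquote(encoded_path)


def render_printable_link_vulnerable(request_path: str) -> str:
    """Hypothetical template: the decoded path is interpolated into href unescaped."""
    return f'<a class="printable" href="{request_path}?decorator=printable">Printable</a>'


def render_printable_link_fixed(request_path: str) -> str:
    """Same template with context-appropriate encoding.

    quote() re-encodes the path for the URL context (keeping '/' so the path
    structure survives); html.escape() then protects the attribute context,
    which matters for characters such as '&' that are legal in URLs.
    """
    url_safe = quote(request_path, safe="/")
    attr_safe = html.escape(url_safe, quote=True)
    return f'<a class="printable" href="{attr_safe}?decorator=printable">Printable</a>'


class _StartTagCollector(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(rendered_html: str) -> list:
    """Start tags in the rendered fragment other than the single expected <a>.

    A non-empty result means attacker-controlled input created a new element,
    i.e. the attribute breakout succeeded.
    """
    parser = _StartTagCollector()
    parser.feed(rendered_html)
    parser.close()
    return [t for t in parser.tags if t != "a"]


if __name__ == "__main__":
    path = decoded_request_path(REPORTED_PATH)
    print("vulnerable:", injected_tags(render_printable_link_vulnerable(path)))
    print("fixed:     ", injected_tags(render_printable_link_fixed(path)))
```

      Running the block shows the vulnerable rendering yields an extra `script` element while the fixed rendering yields none. The same parse-based check is a usable regression test for any template that reflects the request path: render with the decoded exploit path and assert that no start tag other than the expected one appears.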

      Attachments:
        1. wiki.appscan.doc (118 kB)
        2. appscan.wiki.doc (361 kB)
        3. printable-icon-xss.patch (1 kB)

            [CONFSERVER-9456] XSS Bug in printable link display

            Change history: Status changed from Resolved to Closed (Owen). The remaining entries are workflow-scheme migrations (Confluence Workflow - Public Facing - Restricted v3/v5/v5.1, JAC Bug Workflow v1-v3, CONFSERVER Bug Workflow v4) made by Katherine Yabut and Owen.

              Assignee: mjensen (Inactive)
              Reporter: Wyatt Crossin
              Affected customers: 0
              Watchers: 1


                  Time tracking: Original Estimate 2h; Remaining Estimate 2h; Time Spent Not Specified