[CONFSERVER-9456] XSS Bug in printable link display - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 2.6.1
Affects Version/s: 2.5.7
Component/s: None
Labels:
- affects-server
- security
Environment:

Solaris 10, JDK 1.5.0_12, SunOne WebServer 6.1 SP8

Bug Fix Policy:
View Atlassian Server bug fix policy

A Cross sites scripting vulnerability exists in macro used to render the 'printable' link.

Here is an exploit for the vulnerability that works

https://servername/wiki/display/a/2007/09/%22%3E%3Cscript%3Ealert('Watchfire%20XSS%20Test%20Successful')%3C/script%3E

Bug was found using APPScan.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

wiki.appscan.doc
13/Sep/2007 8:15 AM
118 kB
Wyatt Crossin
appscan.wiki.doc
14/Sep/2007 2:49 PM
361 kB
Wyatt Crossin
printable-icon-xss.patch
08/Oct/2007 6:13 AM
1 kB
Matt Ryall

Assignee:: m@ (Inactive)

Reporter:: Wyatt Crossin

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 13/Sep/2007 8:15 AM

Updated:: 11/Oct/2018 8:59 AM

Resolved:: 08/Oct/2007 6:14 AM

Estimated:

2h

Remaining:

2h

Logged:

Not Specified