Details
-
Bug
-
Resolution: Fixed
-
High
-
6.5
-
Description
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report.
- Create a parent page A with a child page B
- Add an {excerpt} macro to B containing the text <script>alert("Gotcha!");</script>
- Add the {children} macro to page A, with "Show excerpts" checked
- Alert is shown when viewing A
This is currently present on EAC - likely to be in released versions; not tested yet.
Found by dpabst and me during QA
Attachments
Issue Links
- is related to
-
CONFSERVER-35777 XSS vulnerability in "children" macro when displaying excerpts
- Closed