XSS vulnerability in "children" macro when displaying excerpts


    • 6.5

      NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report.

      • Create a parent page A with a child page B
      • Add an {excerpt} macro to B containing the text <script>alert("Gotcha!");</script>
      • Add the {children} macro to page A, with "Show excerpts" checked
      • Alert is shown when viewing A

      This is currently present on EAC - likely to be in released versions; not tested yet.

      Found by dpabst and me during QA
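An added example, not part of the original report and not Confluence code: a minimal children-listing renderer showing how a stored excerpt reaches the parent page as markup, beside a version that HTML-encodes it. The function names, the data shape and the assumption that the excerpt is concatenated unescaped are hypothetical; only the excerpt text comes from the steps above.

```javascript
// Added illustration; all names are hypothetical, not Confluence APIs.

// Constructed sample data: parent page A has one child, B, whose excerpt
// holds the text from the reproduction steps.
const children = [
  { title: "B", excerpt: '<script>alert("Gotcha!");</script>' },
];

// Encode the characters that are significant in HTML text and in
// quoted attribute values.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Unsafe pattern: the stored excerpt is concatenated into the listing
// as-is, so any markup it contains becomes part of page A.
function renderChildrenUnsafe(pages, showExcerpts) {
  const items = pages.map((p) => {
    const excerpt = showExcerpts && p.excerpt
      ? ` <span class="excerpt">${p.excerpt}</span>` : "";
    return `<li>${escapeHtml(p.title)}${excerpt}</li>`;
  });
  return `<ul>${items.join("")}</ul>`;
}

// Hardened pattern: the excerpt is treated as text and encoded at the
// point of output, like the title.
function renderChildrenSafe(pages, showExcerpts) {
  const items = pages.map((p) => {
    const excerpt = showExcerpts && p.excerpt
      ? ` <span class="excerpt">${escapeHtml(p.excerpt)}</span>` : "";
    return `<li>${escapeHtml(p.title)}${excerpt}</li>`;
  });
  return `<ul>${items.join("")}</ul>`;
}

// Regression check for a test suite: does the rendered listing contain
// a live script element?
function containsScriptElement(html) {
  return /<script\b/i.test(html);
}

console.log(renderChildrenUnsafe(children, true));
console.log(renderChildrenSafe(children, true));
```

A regression test built on `containsScriptElement` should cover the listing both with and without "Show excerpts", since the excerpt only enters the output in the first case.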

              Assignee:
              Thinh Quang Hua (Inactive)
              Reporter:
              Nick Clarke
              Votes:
              0
              Watchers:
              6
