XSS Vulnerability in About Me field


    • Severity 3 - Minor

      NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report.

      Steps to reproduce:

      In id.atlassian.com, add to your About me:

      <script>console.log(' +++++ Hi Dennis ++++++');</script>
      

      Save & check in your answers profile - the JS will appear in the browser console.

      jclark@atlassian.com can you do me a favor and give every profile field a once-over?

            Assignee:
            Joe Clark
            Reporter:
            Dennis Kromhout van der Meer (Inactive)
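
The check requested in the report, sketched as an added example that is not Atlassian's code: each profile field is seeded in turn with a harmless canary and the rendered output is inspected for the canary arriving unencoded. Both renderers and the field names other than the About me field are hypothetical.

```javascript
// Added example. Renderers and field names (except aboutMe) are assumptions.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML-encode a value for element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Hypothetical renderer with the reported flaw: aboutMe is written unencoded.
function renderProfileUnsafe(p) {
  return `<h1>${escapeHtml(p.displayName)}</h1>` +
         `<p class="location">${escapeHtml(p.location)}</p>` +
         `<div class="about">${p.aboutMe}</div>`;
}

// Corrected renderer: every field is encoded at output time.
function renderProfileSafe(p) {
  return `<h1>${escapeHtml(p.displayName)}</h1>` +
         `<p class="location">${escapeHtml(p.location)}</p>` +
         `<div class="about">${escapeHtml(p.aboutMe)}</div>`;
}

// Seed one field at a time with a unique canary containing markup and
// return the names of fields whose canary reaches the output unencoded.
function auditProfileFields(render, fieldNames) {
  const leaky = [];
  for (const name of fieldNames) {
    const profile = Object.fromEntries(fieldNames.map((f) => [f, 'plain']));
    const canary = `<script>console.log('canary-${name}');</script>`;
    profile[name] = canary;
    if (render(profile).includes(canary)) leaky.push(name);
  }
  return leaky;
}

const FIELDS = ['displayName', 'location', 'aboutMe'];
console.log('unsafe renderer leaks:', auditProfileFields(renderProfileUnsafe, FIELDS));
console.log('safe renderer leaks:', auditProfileFields(renderProfileSafe, FIELDS));
```

Run as a regression test, an empty result from `auditProfileFields` means no seeded field reached the page as live markup.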