Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-46695

XSS Vulnerability in About Me field

XMLWordPrintable

      NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report.

      Steps to reproduce:

      In id.atlassian.com, add to your About me:

      <script>console.log(' +++++ Hi Dennis ++++++');</script>

      Save & check in your answers profile - the JS will appear in the browser console.

      jclark@atlassian.com can you do me a favor and give every profile field an once-over?

              jclark@atlassian.com Joe Clark
              dmeer Dennis Kromhout van der Meer (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: