Details
-
Bug
-
Resolution: Fixed
-
Highest
-
2.10
Description
Use the following markup on a page:
text
{noformat}><script>alert('XSS')</script><b a=a{noformat}
On another page in the same space, use the
{index}macro. When this page is loaded by a user, the script will run.
See here for a working example on QA-CAC.
Attachments
Issue Links
- is duplicated by
-
CONFSERVER-6990 Javascript in wiki page executed by {index}
- Closed