Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-15399

Contributors Macro noneFoundMessage XSS Vector

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Medium
    • 3.0
    • 2.10.3
    • None

    • Server: QA-EAC 3.0-m9-r2
      OS: Mac OS X 10.5.6
      Browser: Safari 3.2.1 (5525.27.1)

    Description

      A custom message can be used for when no contributors are found, it can be used as a XSS vector: https://qa-eac.atlassian.com/confluence/display/~pdzwart/Contributors+Macro+noneFoundMessage+XSS

      Markup
      {contributors:noneFoundMessage=<iframe src="http://www.youtube.com/v/60og9gwKh1o&hl=en&fs=1&autoplay=1"></iframe>}

      Attachments

        Issue Links

          is cloned from

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-15397 Instant Messenger Macro XSS Vector

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              akazatchkov Anatoli
              pdzwart PdZ (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: