Details
-
Bug
-
Resolution: Fixed
-
Highest
-
None
-
No-Version
-
Severity 3 - Minor
-
Description
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.
Hi !
I am writing this email to let you know of a Stored XSS Vulnerability that i found on atlassian.com .
You will have the POC as an atachment to this report that i am making.
Now i will show you in details how i managed to find this vulnerability.
Firstly I created an account in atlassian.com . When i created my account i set the full name to : "><svg/onload=confirm(document.domain)>;
Then under my services, i went to https://answers.atlassian.com/
and when the page fully loaded, the javascript payload that was in my full name was executed and i got the result shown in the attachment image.
I also uploaded another image as an atachment showing to you the user cookies which you can get by just replacing document.domain with document.cookie on the payload.
Regards,
Andi
Attachments
Issue Links
- relates to
-
CONFCLOUD-47027 Stored XSS Vulnerability found on Atlassian
- Closed