Persistent xss flaw in the revision history (of comments).

XMLWordPrintable

    • Severity 3 - Minor

      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      Whilst a comment is html encoded /sanitized when displayed within an answer to a question the revision history page for an edited comment does not sanitize or html encode the content of the current and previous comments. Therefore an attacker can exploit this issue to craft a persistent xss attack.

              Assignee:
              Joe Clark
              Reporter:
              David Black
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: