Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-8956

stored XSS vulnerability in app/themes/leftnavigation/configuretheme.action

    XMLWordPrintable

Details

    Description

      Description:
      Stored XSS via page app/themes/leftnavigation/configuretheme.action?key=~<USERNAME>

      Exploit:
      Example value in the Naviagtion Page field: "><script>aletr(document.cookie)</script><x x="

      Attachments

        Activity

          People

            sleberrigaud Samuel Le Berrigaud
            b1e07ee35f09 Gergely Hodicska
            Votes:
            3 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: