[BSERV-2676] Persistent Cross Site Scripting Vulnerability

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 1.1.2
Affects Version/s: 1.1
Component/s: None
Labels:
- advisory
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

We have identified and fixed a persistent cross-site scripting (XSS) vulnerabilities that affects Stash instances, including publicly available instances (that is, Internet-facing servers). XSS vulnerabilities allow an attacker to embed their own JavaScript into a Stash page.

More information is available in advisory at https://confluence.atlassian.com/display/STASH/Stash+security+advisory+2012-09-04

mentioned in: Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Wiki Page Loading...; Wiki Page Loading...

(55 mentioned in)

Rachel Robins made changes - 04/Feb/2021 12:54 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 284765 ]

Owen made changes - 10/Apr/2019 6:47 AM

Workflow

Original: Stash Workflow - Restricted [ 1447414 ]

New: JAC Bug Workflow v3 [ 3136791 ]

Rachel Robins made changes - 15/Dec/2017 9:36 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 274009 ]

Paz (Inactive) made changes - 01/May/2017 5:15 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 284765 ]

New: This issue links to "Page (Atlassian Documentation)" [ 284765 ]

Paz (Inactive) made changes - 01/May/2017 5:10 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 284765 ]

Rachel Robins made changes - 27/Mar/2017 8:52 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 274009 ]

New: This issue links to "Page (Atlassian Documentation)" [ 274009 ]

Rachel Robins made changes - 27/Mar/2017 8:48 PM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 274009 ]

Paz (Inactive) made changes - 16/Feb/2017 2:43 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 261624 ]

New: This issue links to "Page (Atlassian Documentation)" [ 261624 ]

Paz (Inactive) made changes - 16/Feb/2017 2:36 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 261624 ]

Paz (Inactive) made changes - 19/Jan/2017 10:41 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 252547 ]

New: This issue links to "Page (Atlassian Documentation)" [ 252547 ]

Assignee:: VitalyA

Reporter:: VitalyA

Affected customers:: 0 This affects my team

Watchers:: 3 Start watching this issue

Created:: 20/Aug/2012 4:13 AM

Updated:: 04/Feb/2021 12:54 AM

Resolved:: 20/Aug/2012 4:14 AM

Bitbucket Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates

Backbone Issue Sync