  1. Confluence Server and Data Center
  2. CONFSERVER-11027

XSS vulnerabilities in create/edit/copy page and blogpost actions


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: 2.1.5, 2.2.10, 2.3.3, 2.4.5, 2.5.8, 2.6.2, 2.7.2
    • Fix Version/s: 2.7.3
    • Component/s: None

      Description

      The following create/edit page URLs are vulnerable:

      • /pages/createpage.action
      • /pages/docreatepage.action
      • /pages/editpage.action
      • /pages/doeditepage.action

      on parentPageString, mode, labelsString, captchaId

      The following create/edit blogpost URLs are vulnerable:

      • /pages/createblogpost.action
      • /pages/docreateblogpost.action
      • /pages/editblogpost.action
      • /pages/doeditblogpost.action

      on mode, labelsString, title, captchaId

      The following copy page URLs are vulnerable:

      • /pages/copypage.action
      • /pages/docopypage.action

      on parentPageString, mode, labelsString, captchaId

      The following comment action URLs are vulnerable:

      • pages/addcomment.action
      • pages/doaddcomment.action

      on mode and captchaId

        Attachments

        1. createblogpost-form.vm
          3 kB
        2. macros.vm
          123 kB
        3. page-labels-form.vm
          3 kB
        4. page-location-form.vm
          4 kB
        5. wiki-textarea.vm
          27 kB

              People

              Assignee:
              cbroadfoot Chris Broadfoot [Atlassian]
              Reporter:
              dave@atlassian.com dave (Inactive)