[CONFSERVER-11137] XSS vulnerability in pagepicker.action and spacepagepicker.action - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Medium
Resolution: Fixed
Affects Version/s: 2.2.10, 2.3.3, 2.4.5, 2.5.8, 2.6.2, 2.7.2
Fix Version/s: 2.8.2
Component/s: None
Labels:
- affects-server
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The following URL's are vulnerable:

/users/pagepicker.action
/users/spacepagepicker.action

on formname, fieldname and currentspace

Patch instructions for 2.6.x and 2.7.x

1. Shut down Confluence
2. Copy attached pagepicker.vm to confluence/users/
3. Start up Confluence

Patch instructions for 2.8.0 and 2.8.1

1. Shut down Confluence
2. Download and rename attached pagepicker-2.8.vm to pagepicker.vm
3. Copy pagepicker.vm to confluence/users/
4. Start up Confluence

Examples of maliciously crafted URLs:

users/spacepagepicker.action?fieldname=%3C%2Fscript%3E%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E
users/spacepagepicker.action?formname=%3C%2Fscript%3E%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

pagepicker.vm
5 kB
27/May/2008 2:33 AM
pagepicker-2.8.vm
5 kB
24/Jun/2008 4:11 AM

Activity

People

Assignee:: Unassigned

Reporter:: dave (Inactive)

Votes:: 1 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17/Mar/2008 5:00 AM

Updated:: 11/Oct/2018 8:56 AM

Resolved:: 24/Jun/2008 4:10 AM