Confluence Data Center: CONFSERVER-11137

XSS vulnerability in pagepicker.action and spacepagepicker.action

    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • 2.8.2
    • 2.2.10, 2.3.3, 2.4.5, 2.5.8, 2.6.2, 2.7.2
    • None

      The following URLs are vulnerable:

      • /users/pagepicker.action
      • /users/spacepagepicker.action

      in the formname, fieldname and currentspace parameters.

      Patch instructions for 2.6.x and 2.7.x

      1. Shut down Confluence
      2. Copy attached pagepicker.vm to confluence/users/
      3. Start up Confluence

      Patch instructions for 2.8.0 and 2.8.1

      1. Shut down Confluence
      2. Download and rename attached pagepicker-2.8.vm to pagepicker.vm
      3. Copy pagepicker.vm to confluence/users/
      4. Start up Confluence

      Examples of maliciously crafted URLs:

      • users/spacepagepicker.action?fieldname=%3C%2Fscript%3E%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E
      • users/spacepagepicker.action?formname=%3C%2Fscript%3E%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E
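
An added example, not part of the original issue or Atlassian's code: a log check that flags requests to the two picker actions whose formname, fieldname or currentspace value, once URL-decoded, is anything other than a plain identifier. The access-log format, the allow-list pattern and the sample lines are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoints and parameters named in this issue.
ENDPOINTS = ("/users/pagepicker.action", "/users/spacepagepicker.action")
PARAMS = {"formname", "fieldname", "currentspace"}
# Assumption: legitimate values are plain form/field identifiers or space keys.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_.~-]*$")
# Assumption: access log in common/combined format with a quoted request line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(line):
    """Return [(param, decoded_value)] for picker requests with unsafe values."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    path = url.path.split(";", 1)[0].lower()   # drop ;jsessionid=... if present
    if not path.endswith(ENDPOINTS):           # tolerate a context-path prefix
        return []
    # parse_qsl percent-decodes once; a double-encoded value still contains
    # '%' after decoding and therefore also fails the allow-list.
    return [(k, v) for k, v in parse_qsl(url.query, keep_blank_values=True)
            if k.lower() in PARAMS and not SAFE_VALUE.match(v)]

def scan(lines):
    """Return [(line_number, hits)] for every log line with at least one hit."""
    flagged = []
    for n, line in enumerate(lines, 1):
        hits = suspicious_params(line)
        if hits:
            flagged.append((n, hits))
    return flagged

# Constructed sample log lines: addresses, timestamps and benign values are
# invented; the flagged query string is the example URL quoted in this issue.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /users/pagepicker.action'
    '?formname=editpageform&fieldname=parentPage&currentspace=DOC HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2008:10:02:13 +0000] "GET /confluence/users/'
    'spacepagepicker.action?fieldname=%3C%2Fscript%3E%3Cscript%3Ealert(%27XSS%27)'
    '%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '192.0.2.10 - - [01/Jan/2008:10:03:40 +0000] "GET /dashboard.action'
    '?fieldname=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(n, hits)
```

The allow-list is deliberately strict; widen it only if real picker traffic on the instance uses other characters in these parameters.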

        1. pagepicker.vm
          5 kB
          dave
        2. pagepicker-2.8.vm
          5 kB
          Chris Broadfoot [Atlassian]

      Assignee: Unassigned
      Reporter: dave (Inactive)