- Bug
- Resolution: Fixed
- Medium
- 2.2.10, 2.3.3, 2.4.5, 2.5.8, 2.6.2, 2.7.2
- None
The following URLs are vulnerable:
- /users/pagepicker.action
- /users/spacepagepicker.action
on formname, fieldname and currentspace
Examples of maliciously crafted URLs:
- users/spacepagepicker.action?fieldname=%3C%2Fscript%3E%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E
- users/spacepagepicker.action?formname=%3C%2Fscript%3E%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E
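As an added example (not part of the original report and not Atlassian's code), the following Python check decodes the three reported parameters on the two reported endpoints and flags any value outside an identifier-style allowlist; the same rule works for access-log review or as server-side input validation. The allowlist, the helper names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoints and parameters named in the report.
PICKER_PATHS = ("/users/pagepicker.action", "/users/spacepagepicker.action")
PICKER_PARAMS = ("formname", "fieldname", "currentspace")

# Assumption: legitimate values are short identifier-like tokens
# (form/field names, space keys), so anything else is suspicious.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.~-]{0,64}")

# Request target inside a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def unsafe_picker_params(url):
    """Return [(param, decoded_value)] for picker parameters failing the allowlist."""
    parts = urlsplit(url)
    path = "/" + parts.path.lstrip("/").lower()  # tolerate relative URLs
    if not path.endswith(PICKER_PATHS):          # also matches behind a context path
        return []
    findings = []
    # parse_qsl percent-decodes once; a double-encoded payload still
    # contains '%' after decoding and therefore fails the allowlist.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in PICKER_PARAMS and not SAFE_VALUE.fullmatch(value):
            findings.append((name.lower(), value))
    return findings


def scan_access_log(lines):
    """Return [(line_number, param, decoded_value)] for suspicious requests."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits.extend((lineno, n, v) for n, v in unsafe_picker_params(match.group(1)))
    return hits


# Constructed sample log lines (addresses, timestamps and benign values are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /users/pagepicker.action?formname=editpageform&fieldname=parentPageString&currentspace=DOC HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /users/spacepagepicker.action?fieldname=%3C%2Fscript%3E%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E HTTP/1.1" 200 4981',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /confluence/users/pagepicker.action?formname=f&currentspace=%253Cb%253E HTTP/1.1" 200 4875',
    '192.0.2.7 - - [01/Jan/2024:10:01:00 +0000] "GET /dashboard.action?fieldname=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

The decoded value of the reported payload begins with `</script>`, so a fix on the rendering side also needs output encoding appropriate to a script context, not only HTML entity escaping.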
[CONFSERVER-11137] XSS vulnerability in pagepicker.action and spacepagepicker.action