[CONFSERVER-11137] XSS vulnerability in pagepicker.action and spacepagepicker.action

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.8.2
Affects Version/s: 2.2.10, 2.3.3, 2.4.5, 2.5.8, 2.6.2, 2.7.2
Component/s: None
Labels:
- affects-server
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

The following URL's are vulnerable:

/users/pagepicker.action
/users/spacepagepicker.action

on formname, fieldname and currentspace

Patch instructions for 2.6.x and 2.7.x

1. Shut down Confluence
2. Copy attached pagepicker.vm to confluence/users/
3. Start up Confluence

Patch instructions for 2.8.0 and 2.8.1

1. Shut down Confluence
2. Download and rename attached pagepicker-2.8.vm to pagepicker.vm
3. Copy pagepicker.vm to confluence/users/
4. Start up Confluence

Examples of maliciously crafted URLs:

users/spacepagepicker.action?fieldname=%3C%2Fscript%3E%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E
users/spacepagepicker.action?formname=%3C%2Fscript%3E%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

pagepicker.vm
27/May/2008 2:33 AM
5 kB
dave
pagepicker-2.8.vm
24/Jun/2008 4:11 AM
5 kB
Chris Broadfoot [Atlassian]

Katherine Yabut made changes - 13/Nov/2018 4:42 AM

Workflow

Original: JAC Bug Workflow v3 [ 2890921 ]

New: CONFSERVER Bug Workflow v4 [ 2983087 ]

Owen made changes - 11/Oct/2018 8:56 AM

Workflow	Original: JAC Bug Workflow v2 [ 2776793 ]	New: JAC Bug Workflow v3 [ 2890921 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 29/Aug/2018 11:12 PM

Workflow

Original: JAC Bug Workflow [ 2734161 ]

New: JAC Bug Workflow v2 [ 2776793 ]

Owen made changes - 02/Jul/2018 7:09 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2399570 ]

New: JAC Bug Workflow [ 2734161 ]

Katherine Yabut made changes - 22/Jun/2017 6:53 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 [ 2298287 ]

New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2399570 ]

Katherine Yabut made changes - 31/May/2017 5:39 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2233233 ]

New: Confluence Workflow - Public Facing - Restricted v5 [ 2298287 ]

Katherine Yabut made changes - 31/May/2017 5:00 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2194217 ]

New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2233233 ]

Katherine Yabut made changes - 31/May/2017 2:05 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 [ 1947269 ]

New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2194217 ]

Katherine Yabut made changes - 03/Apr/2017 4:03 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v3 [ 1742683 ]

New: Confluence Workflow - Public Facing - Restricted v5 [ 1947269 ]

Katherine Yabut made changes - 28/Feb/2017 6:38 AM

Workflow

Original: CONF Bug Subtask WF (TEMP) [ 1703594 ]

New: Confluence Workflow - Public Facing - Restricted v3 [ 1742683 ]

Assignee:: Unassigned

Reporter:: dave (Inactive)

Affected customers:: 1 This affects my team

Watchers:: 1 Start watching this issue

Created:: 17/Mar/2008 5:00 AM

Updated:: 11/Oct/2018 8:56 AM

Resolved:: 24/Jun/2008 4:10 AM

Details

Description

Patch instructions for 2.6.x and 2.7.x

Patch instructions for 2.8.0 and 2.8.1

Attachments

Attachments

Forms

Activity

People

Dates