Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-11153

XSS vulnerability in social bookmarking plugin bundled in Confluence

    XMLWordPrintable

    Details

      Description

      The social bookmarking plugin is bundled in Confluence 2.7.x and Confluence 2.6.x. As such this vulnerability affects all 2.7.x and 2.6.x instances (even if you do not use the plugin or do not have the Add Bookmark Web Item enabled).

      The updatebookmark.action URL is vulnerable on these parameters:

      • bookmarkPageId
      • redirect
      • labelsString

      The JIRA issue created in the developer.atlassian.com project for this plugin can be found here: http://developer.atlassian.com/jira/browse/MARK-60.

        Attachments

          Activity

            People

            Assignee:
            dave@atlassian.com dave (Inactive)
            Reporter:
            dave@atlassian.com dave (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: