Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-11808

XSS in DWR

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: High High
    • 2.10
    • 2.7.3
    • None

    • Debian 4.0
      java version "1.5.0_14"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
      Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)
      Tomcat 5.5

      Confluence still uses DWR 1.1.4. This version contains a Cross Site Scripting Vulnerability in the handling of error messages. Example

      /confluence/dwr/exec/AjaxUserProfileEditor.getPreferenceUserEditWysiwyg.dwr?callCount=1&c0-scriptName=AjaxUserProfileEditor&c0-methodName=getPreferenceUsertest&c0-id=');</script>a<script>Evil_Script</script>

      Maybe this bug is already known, getahead.org says that "DWR version 2.0.1 and before contained 2 XSS vulnerabilities". Perhaps this is one of them.

      Kind regards
      Bjoern Froebe

        1. 2.9.2.zip
          454 kB

              mjensen m@ (Inactive)
              e14a1dca601b Bjoern Froebe
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: