[CONFSERVER-11808] XSS in DWR - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: High
Resolution: Fixed
Affects Version/s: 2.7.3
Fix Version/s: 2.10
Component/s: None
Labels:
Environment:

Debian 4.0
java version "1.5.0_14"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)
Tomcat 5.5

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Confluence still uses DWR 1.1.4. This version contains a Cross Site Scripting Vulnerability in the handling of error messages. Example

/confluence/dwr/exec/AjaxUserProfileEditor.getPreferenceUserEditWysiwyg.dwr?callCount=1&c0-scriptName=AjaxUserProfileEditor&c0-methodName=getPreferenceUsertest&c0-id=');</script>a<script>Evil_Script</script>

Maybe this bug is already known, getahead.org says that "DWR version 2.0.1 and before contained 2 XSS vulnerabilities". Perhaps this is one of them.

Kind regards
Bjoern Froebe

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

2.9.2.zip
454 kB
30/Nov/2008 11:22 PM

Activity

People

Assignee:: m@

Reporter:: Bjoern Froebe

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 13/May/2008 1:52 PM

Updated:: 11/Oct/2018 8:53 AM

Resolved:: 14/Nov/2008 4:43 AM