[CONFSERVER-12944] XSS in site search action - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Medium
Resolution: Fixed
Affects Version/s: 2.9
Fix Version/s: 2.9.2
Component/s: None
Labels:
- affects-server
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

http://confluence.atlassian.com/dosearchsite.action?where=conf_all&queryString=%3Cscript%3Ealert('foo');%3C/script%3E

queryString needs to be escaped.

This problem is fixed if they turn on Anti-XSS mode. We still need to fix this as anti-xss is not on by default.

Attachments

Activity

People

Assignee:: Chris Broadfoot [Atlassian]

Reporter:: dave (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 04/Sep/2008 1:18 AM

Updated:: 11/Oct/2018 8:39 AM

Resolved:: 04/Sep/2008 8:27 AM