Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-12944

XSS in site search action

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Medium
    • 2.9.2
    • 2.9
    • None

    Description

      http://confluence.atlassian.com/dosearchsite.action?where=conf_all&queryString=%3Cscript%3Ealert('foo');%3C/script%3E

      queryString needs to be escaped.

      This problem is fixed if they turn on Anti-XSS mode. We still need to fix this as anti-xss is not on by default.

      Attachments

        Activity

          People

            cbroadfoot Chris Broadfoot [Atlassian]
            dave@atlassian.com dave (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: