Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-13713

Attachments macro has XSS vulnerability

    XMLWordPrintable

    Details

      Description

      After listening to Chris' security talk yesterday, I played around with areas of Confluence I am familiar with and I found a vulnerability in the attachments macro. You can create an attachment name with <script> tags and run script on a page that displays the attachment macro. The Attachments screen doesn't have this vulnerability.

        Attachments

          Activity

            People

            Assignee:
            rackley RyanA
            Reporter:
            rackley RyanA
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: