Details
-
Bug
-
Resolution: Fixed
-
Medium
-
2.8, 2.8.1, 2.8.2, 2.9, 2.9.1, 2.9.2
Description
After listening to Chris' security talk yesterday, I played around with areas of Confluence I am familiar with and I found a vulnerability in the attachments macro. You can create an attachment name with <script> tags and run script on a page that displays the attachment macro. The Attachments screen doesn't have this vulnerability.