[CONFSERVER-16019] XSS vulnerability when moving page between spaces - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: High
Resolution: Fixed
Affects Version/s: 2.10.3
Fix Version/s: 3.0.1
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

You can create a space with HTML in the name. In most places this space name is correctly encoded however in the tree component given when you chose to move a page the destination space is name is not encoded properly.

To reproduce.
1) Create a space called <script>alert("Howdy");</script>
2) Create a page in another space
3) Move this new page, chosing the previously created space as the destination
4) You'll get a friendly 'Howdy' alert.

Because permissions can be set such that any user has space create permission this is a slightly greater problem than it might originally sound.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

Attachments

patch_2.10.x.zip
6 kB
21/Jul/2009 7:52 AM
patch_3.0.zip
6 kB
11/Aug/2009 2:04 AM
screenshot1.png
49 kB
03/Jun/2009 7:32 AM

Issue Links

relates to

CONFSERVER-16135 XSS vulnerability in space name when page move would create a duplicate

Closed

Activity

People

Assignee:: Paul C

Reporter:: Paul C

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 03/Jun/2009 7:28 AM

Updated:: 11/Oct/2018 8:56 AM

Resolved:: 18/Jun/2009 6:39 AM