Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-16135

XSS vulnerability in space name when page move would create a duplicate

    XMLWordPrintable

    Details

      Description

      1. Create a space called <script>alert("XSS");</script>
      2. Find a page named 'Home' in a different space
      3. Move this page, choosing the previously created space as the destination
      4. The move will fail due to the duplicate page name, and the script will be run.

        Attachments

        1. patch_2.10.x.zip
          6 kB
        2. patch_3.0.zip
          6 kB

          Issue Links

            Activity

              People

              Assignee:
              dave@atlassian.com dave (Inactive)
              Reporter:
              mhrynczak Mark Hrynczak (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: