Confluence Server and Data Center
CONFSERVER-16136

XSS vulnerability can be exploited on the WebDAV Configuration page

Description

Steps:

1. Go to WebDAV Configuration
2. Enter '<script>alert("XSS")</script>'
3. Click on 'Add new regex' button

The script will be executed. It will continue to be executed whenever a user clicks on the 'Save' button.

This can be done by users in the confluence-admin group, so it could be used by them to gain access to sys-admin actions.
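The defect described above, as an added example that is not Confluence's own code: a minimal JavaScript model of the configuration page's regex list, showing the unsafe concatenation that lets a stored entry become live markup beside an output-encoded rendering. All function names (escapeHtml, addRegex, renderRegexList, renderRegexListUnsafe) are assumptions for illustration.

```javascript
// Added example, not Confluence code. Models how a stored "regex list"
// entry on a configuration page should be rendered so that it stays inert.

// Escape the five characters that can break out of an HTML text node or a
// double-quoted attribute value.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: the stored entry is concatenated into markup unchanged,
// so it becomes live HTML every time the list is re-rendered (e.g. on Save).
function renderRegexListUnsafe(entries) {
  return '<ul>' + entries.map(e => '<li>' + e + '</li>').join('') + '</ul>';
}

// Input check: reject entries that are not syntactically valid regexes.
// This is NOT a substitute for output encoding: the payload from the report
// compiles as a regex (its parentheses simply form a group).
function addRegex(entries, candidate) {
  try {
    new RegExp(candidate);
  } catch (e) {
    throw new Error('invalid regex: ' + e.message);
  }
  return entries.concat([candidate]);
}

// Hardened pattern: every entry is encoded at the point it is written into
// the page, regardless of what validation happened on input.
function renderRegexList(entries) {
  return '<ul>' + entries.map(e => '<li>' + escapeHtml(e) + '</li>').join('') + '</ul>';
}

// Constructed sample input mirroring step 2 of the report.
const SAMPLE_ENTRY = '<script>alert("XSS")</script>';
```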

People

Assignee: David Taylor (dtaylor, Inactive)
Reporter: Mark Hrynczak (mhrynczak, Inactive)
