Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-16136

XSS vulnerability can be exploited on the WebDAV Configuration page

    XMLWordPrintable

Details

    Description

      Steps:

      1. Go to WebDAV Configuration
      2. Enter '<script>alert("XSS")</script>'
      3. Click on 'Add new regex' button

      The script will be executed. It will continue to be executed whenever a user clicks on the 'Save' button.

      This can be done by users in the confluence-admin group, so it could be used by them to gain access to sys-admin actions.

      Attachments

        Activity

          People

            dtaylor David Taylor (Inactive)
            mhrynczak Mark Hrynczak (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: