Details
- Bug
- Resolution: Fixed
- Highest
- 3.0
- None
Description
Steps:
- Go to WebDAV Configuration
- Enter '<script>alert("XSS")</script>'
- Click on the 'Add new regex' button
The script will be executed. It will continue to be executed whenever a user clicks on the 'Save' button.
This can be done by users in the confluence-admin group, so it could be used by them to gain access to sys-admin actions.
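The fix for this class of bug is to encode stored values when they are written into the page, since a regex field must accept characters such as `<`, `>` and `"`. The following is an added example, not Confluence's code: the class `RegexListRenderer`, its methods and the `<ul>` markup are hypothetical, and the second sample regex is constructed.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

// Hypothetical renderer for a list of stored regexes; not Confluence's code.
public class RegexListRenderer {

    // Encode the five characters that can change the HTML parsing context.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Server-side check on save: the value must at least compile as a regex.
    static boolean isValidRegex(String s) {
        try { Pattern.compile(s); return true; }
        catch (PatternSyntaxException e) { return false; }
    }

    // encode=false reproduces the reported behaviour (stored value written as-is);
    // encode=true is the corrected form with every value encoded at output time.
    static String render(List<String> regexes, boolean encode) {
        StringBuilder html = new StringBuilder("<ul>");
        for (String r : regexes) html.append("<li>").append(encode ? escapeHtml(r) : r).append("</li>");
        return html.append("</ul>").toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: the string from the steps plus a harmless regex.
        List<String> stored = Arrays.asList("<script>alert(\"XSS\")</script>", "^<tmp>.*\\.bak$");
        // Both strings compile as regexes, so syntax validation alone does not stop the bug.
        for (String r : stored) System.out.println(isValidRegex(r) + "  " + r);
        System.out.println("unencoded: " + render(stored, false));
        System.out.println("encoded:   " + render(stored, true));
    }
}
```

In the encoded output the first item appears as `&lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt;`, which the browser displays as text, while the stored regex itself is unchanged.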