Confluence Server and Data Center: CONFSERVER-17361

XSS vulnerability can be exploited using the Gallery macro


    Details

      Description

      Upload an image to a page, and include the following in the attachment comment:

      <script>alert('vulnerable')</script>

      Now display the image using the gallery macro. When the full-size picture is viewed, the script in the comment will be executed.

      See example here: https://qa-cac.atlassian.com/display/~mhrynczak/xss+in+gallery
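The report describes a stored XSS: the attachment comment is saved as-is and the Gallery macro later writes it into the full-size view without HTML-escaping it. The following is an added example, not Confluence's own code or the reporter's, that models that render path in plain JavaScript with a vulnerable renderer beside a fixed one. The function names (renderFullSizeViewVulnerable, renderFullSizeViewFixed, escapeHtml, containsScriptTag) and the attachment record are hypothetical; the comment field carries the payload from the report.

```javascript
// Added example, not part of the original issue or of Confluence.
// Models how an attachment comment reaches the Gallery macro's full-size view
// and why escaping at render time stops the script from running.

// Escapes for HTML text content and double-quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Constructed attachment record (hypothetical): what the reporter's upload would
// look like once stored, with the payload in the comment field.
const attachment = {
  fileName: 'photo.png',
  downloadPath: '/download/attachments/12345/photo.png',
  comment: "<script>alert('vulnerable')</script>",
};

// Vulnerable rendering: the stored comment is concatenated straight into the
// markup, both as the caption and as the alt attribute, so the browser parses
// the <script> tag as live markup when the full-size picture is viewed.
function renderFullSizeViewVulnerable(att) {
  return '<div class="gallery-fullsize">' +
    '<img src="' + att.downloadPath + '" alt="' + att.comment + '">' +
    '<p class="caption">' + att.comment + '</p>' +
    '</div>';
}

// Fixed rendering: every untrusted value is escaped for the context it lands in
// (text node and double-quoted attribute), so the comment is shown literally.
function renderFullSizeViewFixed(att) {
  return '<div class="gallery-fullsize">' +
    '<img src="' + escapeHtml(att.downloadPath) + '" alt="' + escapeHtml(att.comment) + '">' +
    '<p class="caption">' + escapeHtml(att.comment) + '</p>' +
    '</div>';
}

// Check usable in a regression test: does the rendered HTML contain an
// unescaped <script> tag or an attribute breakout?
function containsScriptTag(html) {
  return /<script\b/i.test(html) || /"\s+on\w+\s*=/i.test(html);
}

// Attribute-context variant of the same bug: a comment that breaks out of the
// alt="..." attribute rather than injecting a tag.
const attributeBreakout = { ...attachment, comment: '" onload="alert(1)' };

console.log(containsScriptTag(renderFullSizeViewVulnerable(attachment)));        // true
console.log(containsScriptTag(renderFullSizeViewFixed(attachment)));             // false
console.log(containsScriptTag(renderFullSizeViewVulnerable(attributeBreakout))); // true
console.log(containsScriptTag(renderFullSizeViewFixed(attributeBreakout)));      // false
```

The fix is output encoding at the point where the comment is written into the page, not input filtering at upload time: the same comment may be rendered in more than one context (caption text, alt attribute), and each needs escaping appropriate to that context.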


            People

            Assignee:
            akazatchkov Anatoli
            Reporter:
            mhrynczak Mark Hrynczak (Inactive)
            Votes: 0
            Watchers: 0
