CONFSERVER-17361 (Confluence Data Center): XSS vulnerability can be exploited using the Gallery macro

Upload an image to a page, and include the following in the attachment comment:

<script>alert('vulnerable')</script>

Now display the image using the gallery macro. When the full-size picture is viewed, the script in the comment will be executed.

See example here: https://qa-cac.atlassian.com/display/~mhrynczak/xss+in+gallery
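Added illustration, not Confluence's own code: a minimal model of the full-size gallery view that renders the stored attachment comment first without output encoding (the defect the report describes) and then HTML-escaped for each context, plus a parser-based check showing that the reported comment produces a live script element only in the unescaped form. The markup, download path and function names are assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed sample input: the attachment comment from the report, stored
# verbatim by the server when the image was uploaded.
REPORTED_COMMENT = "<script>alert('vulnerable')</script>"

def render_vulnerable(filename: str, comment: str) -> str:
    """Model of the defect: the stored comment is concatenated into the
    full-size view's markup with no output encoding, so any tags it contains
    become live HTML in the viewer's browser. (Hypothetical markup.)"""
    return (f'<div class="gallery-full"><img src="/download/{filename}" '
            f'alt="{comment}"><p class="comment">{comment}</p></div>')

def render_fixed(filename: str, comment: str) -> str:
    """Same markup with context-appropriate output encoding: the filename is
    percent-encoded for the URL, the comment is HTML-escaped with quotes
    inside the attribute and HTML-escaped again in the element body."""
    safe_name = quote(filename, safe="")
    safe_attr = html.escape(comment, quote=True)
    safe_text = html.escape(comment, quote=False)
    return (f'<div class="gallery-full"><img src="/download/{safe_name}" '
            f'alt="{safe_attr}"><p class="comment">{safe_text}</p></div>')

class _TagCollector(HTMLParser):
    """Records every start tag the tokenizer recognises, as a browser would."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def live_script_tags(markup: str) -> int:
    """Count <script> elements a tokenizer actually sees in the markup.
    Parsing, not substring matching, distinguishes escaped text from an
    element: '&lt;script&gt;' yields no start tag at all."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags.count("script")

if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        out = render("photo.png", REPORTED_COMMENT)
        print(f"{name}: {live_script_tags(out)} live script element(s)")
```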


Change history:
- Katherine Yabut made changes: Workflow JAC Bug Workflow v3 [ 2876990 ] -> CONFSERVER Bug Workflow v4 [ 2984020 ]
- Owen made changes: Workflow JAC Bug Workflow v2 [ 2776987 ] -> JAC Bug Workflow v3 [ 2876990 ]; Status Resolved [ 5 ] -> Closed [ 6 ]
- Owen made changes: Workflow JAC Bug Workflow [ 2714018 ] -> JAC Bug Workflow v2 [ 2776987 ]
- Owen made changes: Workflow Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2379731 ] -> JAC Bug Workflow [ 2714018 ]
- Katherine Yabut made changes: Workflow Confluence Workflow - Public Facing - Restricted v5 [ 2270432 ] -> Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2379731 ]
- Katherine Yabut made changes: Workflow Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2215861 ] -> Confluence Workflow - Public Facing - Restricted v5 [ 2270432 ]
- Katherine Yabut made changes: Workflow Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2167183 ] -> Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2215861 ]
- Katherine Yabut made changes: Workflow Confluence Workflow - Public Facing - Restricted v5 [ 1925074 ] -> Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2167183 ]
- Katherine Yabut made changes: Workflow Confluence Workflow - Public Facing - Restricted v3 [ 1727343 ] -> Confluence Workflow - Public Facing - Restricted v5 [ 1925074 ]
- Katherine Yabut made changes: Workflow CONF Bug Subtask WF (TEMP) [ 1683460 ] -> Confluence Workflow - Public Facing - Restricted v3 [ 1727343 ]

People: akazatchkov (Anatoli), mhrynczak (Mark Hrynczak, inactive)
Affected customers: 0
Watchers: 0