Bug
Resolution: Fixed
Highest
3.0.2
Upload an image to a page, and include the following in the attachment comment:
<script>alert('vulnerable')</script>
Now display the image using the gallery macro. When the full-size picture is viewed, the script in the comment will be executed.
See example here: https://qa-cac.atlassian.com/display/~mhrynczak/xss+in+gallery
[CONFSERVER-17361] XSS vulnerability can be exploited using the Gallery macro
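The report comes down to a stored attachment comment reaching the full-size view without output encoding. The sketch below is an added example, not code from the report or from Confluence: the class, the method names, the markup and the image URL are hypothetical, and only the comment string is taken from the report.

```java
// Added example: hypothetical renderer, not Confluence's gallery macro code.
public class GalleryCaptionDemo {

    // HTML-encode the five characters that can change parsing context
    // in element content or in a quoted attribute value.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Vulnerable pattern: the stored comment is concatenated into markup as-is.
    static String renderUnescaped(String imageUrl, String comment) {
        return "<div class=\"full-size\"><img src=\"" + imageUrl + "\">"
             + "<p class=\"caption\">" + comment + "</p></div>";
    }

    // Hardened pattern: every stored value is encoded at output time,
    // in both the attribute and the element-content positions.
    static String renderEscaped(String imageUrl, String comment) {
        return "<div class=\"full-size\"><img src=\"" + escapeHtml(imageUrl) + "\""
             + " alt=\"" + escapeHtml(comment) + "\">"
             + "<p class=\"caption\">" + escapeHtml(comment) + "</p></div>";
    }

    public static void main(String[] args) {
        // Comment string from the report; the URL is a constructed placeholder.
        String comment = "<script>alert('vulnerable')</script>";
        String url = "/example/photo.png";
        System.out.println("unescaped: " + renderUnescaped(url, comment));
        String safe = renderEscaped(url, comment);
        System.out.println("escaped:   " + safe);
        if (safe.contains("<script>")) throw new AssertionError("markup leaked into output");
    }
}
```

Encoding at render time rather than at upload keeps the stored comment intact and covers every view that displays it, including ones added later.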
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |