[CONFSERVER-17967] XSS vulnerability in pagetree and page macros

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 3.1
Affects Version/s: 2.9
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

To reproduce this issue:

create a user with username "><<script>alert('hahahaha')</script>
create a personal space for this user
create a page in the personal space with pagetree and/or pagetreesearch macro

Note that confluence does not work very well with such usernames so you would need to use actions directly when creating/viewing pages in the user space.

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: Giles Gaskell [Atlassian]

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 03/Dec/2009 11:13 PM

Updated:: 11/Oct/2018 8:50 AM

Resolved:: 07/Dec/2009 12:13 AM

Details

Description

Attachments

Forms

Activity

People

Dates