Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-17967

XSS vulnerability in pagetree and page macros

    XMLWordPrintable

Details

    Description

      To reproduce this issue:

      • create a user with username "><<script>alert('hahahaha')</script>
      • create a personal space for this user
      • create a page in the personal space with pagetree and/or pagetreesearch macro

      Note that confluence does not work very well with such usernames so you would need to use actions directly when creating/viewing pages in the user space.

      Attachments

        Activity

          People

            Unassigned Unassigned
            ggaskell Giles Gaskell [Atlassian]
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: