[CONFSERVER-17967] XSS vulnerability in pagetree and page macros - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: High
Resolution: Fixed
Affects Version/s: 2.9
Fix Version/s: 3.1
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

To reproduce this issue:

create a user with username "><<script>alert('hahahaha')</script>
create a personal space for this user
create a page in the personal space with pagetree and/or pagetreesearch macro

Note that confluence does not work very well with such usernames so you would need to use actions directly when creating/viewing pages in the user space.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Giles Gaskell [Atlassian]

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 03/Dec/2009 11:13 PM

Updated:: 11/Oct/2018 8:50 AM

Resolved:: 07/Dec/2009 12:13 AM