[CONFSERVER-17967] XSS vulnerability in pagetree and page macros - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: High
Resolution: Fixed
Affects Version/s: 2.9
Fix Version/s: 3.1
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

To reproduce this issue:

create a user with username "><<script>alert('hahahaha')</script>
create a personal space for this user
create a page in the personal space with pagetree and/or pagetreesearch macro

Note that confluence does not work very well with such usernames so you would need to use actions directly when creating/viewing pages in the user space.

Attachments

Activity

People

Assignee:

Unassigned

Reporter:

Giles Gaskell [Atlassian]

Participants:

Giles Gaskell [Atlassian], Mark Hrynczak, Paul Curren

Last Touched By:

Katherine Yabut

Reviewers:

Mark Hrynczak, Paul Curren

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

03/Dec/2009 11:13 PM

Updated:

11/Oct/2018 8:50 AM

Resolved:

07/Dec/2009 12:13 AM

Last commented:

9 years, 29 weeks, 6 days ago