Uploaded image for project: 'Confluence Server'
  1. Confluence Server
  2. CONFSERVER-17967

XSS vulnerability in pagetree and page macros

    XMLWordPrintable

    Details

      Description

      To reproduce this issue:

      • create a user with username "><<script>alert('hahahaha')</script>
      • create a personal space for this user
      • create a page in the personal space with pagetree and/or pagetreesearch macro

      Note that confluence does not work very well with such usernames so you would need to use actions directly when creating/viewing pages in the user space.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Last commented:
                9 years, 29 weeks, 6 days ago