Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-20126

XSS vulnerability in Clickr theme

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Highest
    • Resolution: Fixed
    • Affects Version/s: 2.7, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.8, 2.8.1, 2.8.2, 2.8.3, 2.9, 2.9.1, 2.9.2, 2.9.3, 2.10, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 3.0, 3.0.1, 3.0.2, 3.1, 3.1.1, 3.1.2, 3.2, 3.2.1
    • Fix Version/s: 3.3
    • Component/s: Themes / Theming

      Description

      We have identified and fixed a cross-site scripting (XSS) vulnerability in the Confluence Clickr theme.

      • An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server.
      • An attacker's text and script might be displayed to other people viewing the Confluence page. This is potentially damaging to your company's reputation.

      This issue is reported in our security advisory on this page:
      http://confluence.atlassian.com/x/_ggODQ

      You can read more about XSS attacks at cgisecurity, CERT and other places on the web:

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            smaddox SarahA
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: