-
Bug
-
Resolution: Fixed
-
Highest
-
None
We have identified and fixed a cross-site scripting (XSS) vulnerability in the Confluence {include} macro. All versions from 2.7 to 3.4.6 are affected.
XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:
- cgisecurity.com: http://www.cgisecurity.com/articles/xss-faq.shtml
- The Web Application Security Consortium: http://projects.webappsec.org/Cross-Site+Scripting
This issue is reported in our security advisory on this page:
https://confluence.atlassian.com/x/MgCzDQ
The page also includes detailed patch instructions.
[CONFSERVER-21604] XSS vulnerability in Include Page macro
| Workflow | Original: JAC Bug Workflow v3 [ 2897767 ] | New: CONFSERVER Bug Workflow v4 [ 2992311 ] |
| Workflow | Original: JAC Bug Workflow v2 [ 2789674 ] | New: JAC Bug Workflow v3 [ 2897767 ] |
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
| Workflow | Original: JAC Bug Workflow [ 2731979 ] | New: JAC Bug Workflow v2 [ 2789674 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2397272 ] | New: JAC Bug Workflow [ 2731979 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2294436 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2397272 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2230860 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2294436 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2189376 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2230860 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1919830 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2189376 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v3 [ 1729782 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 1919830 ] |
| Workflow | Original: CONF Bug Subtask WF (TEMP) [ 1682887 ] | New: Confluence Workflow - Public Facing - Restricted v3 [ 1729782 ] |