-
Bug
-
Resolution: Fixed
-
Highest
-
None
We have identified and fixed a cross-site scripting (XSS) vulnerability in the Confluence Activity Stream gadget. All versions from 3.1 to 3.4.6 are affected.
XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:
- cgisecurity.com: http://www.cgisecurity.com/articles/xss-faq.shtml
- The Web Application Security Consortium: http://projects.webappsec.org/Cross-Site+Scripting
This issue is reported in our security advisory on this page:
https://confluence.atlassian.com/x/MgCzDQ
The page also includes detailed patch instructions.
[CONFSERVER-21606] XSS vulnerability in Activity Stream gadget
Workflow | Original: JAC Bug Workflow v3 [ 2889615 ] | New: CONFSERVER Bug Workflow v4 [ 2982103 ] |
Workflow | Original: JAC Bug Workflow v2 [ 2802019 ] | New: JAC Bug Workflow v3 [ 2889615 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
Workflow | Original: JAC Bug Workflow [ 2732443 ] | New: JAC Bug Workflow v2 [ 2802019 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2397764 ] | New: JAC Bug Workflow [ 2732443 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2295390 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2397764 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2231380 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2295390 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2190439 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2231380 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1923937 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2190439 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v3 [ 1726442 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 1923937 ] |
Workflow | Original: CONF Bug Subtask WF (TEMP) [ 1683364 ] | New: Confluence Workflow - Public Facing - Restricted v3 [ 1726442 ] |