Type: Bug
Resolution: Obsolete
Priority: Medium
Fix Version/s: None
Affects Version/s: 3.5
Component/s: None
Labels:
- affects-server
- security
Environment:

Internet Explorer with Confluence.

Bug Fix Policy:
View Atlassian Server bug fix policy

Steps to reproduce

Create following HTML file and upload to any of Confluence page.
```
<script>
alert("Cookie: " + document.cookie);
</script>
```
Open the file on Internet Explorer 7.
Then, you will see the javascript in that HTML file executed automatically.

Issue happens with IE9,8,7 with Confluence 3.5.

Firefox and Safari presents a download 'save as' dialogue box and does not render.

mentioned in: Wiki Page Failed to load; Wiki Page Failed to load

Anatoli added a comment - 14/Mar/2012 2:51 AM

No longer applicable, tested against IE8 and IE9

Anatoli added a comment - 14/Mar/2012 2:51 AM No longer applicable, tested against IE8 and IE9

David Black added a comment - 08/Mar/2012 1:53 AM

CVSS score: 6.0 => High severity

Exploitability Metrics

AccessVector	Network
AccessComplexity	Low
Authentication	Single Instance

Impact Metrics

ConfImpact	Partial
IntegImpact	Partial
AvailImpact	Partial

See https://extranet.atlassian.com/display/SECCOUNCIL/How+to+evaluate+vulnerability+severity+under+CVSS for details and http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2 for score calculator.

David Black added a comment - 08/Mar/2012 1:53 AM CVSS score: 6.0 => High severity Exploitability Metrics AccessVector Network AccessComplexity Low Authentication Single Instance Impact Metrics ConfImpact Partial IntegImpact Partial AvailImpact Partial See https://extranet.atlassian.com/display/SECCOUNCIL/How+to+evaluate+vulnerability+severity+under+CVSS for details and http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2 for score calculator.

Richard Atkins added a comment - 04/Jul/2011 7:47 AM

This one should have been fixed by my fix for CONF-22132, which is in 3.5.7, but we need to double check.

Richard Atkins added a comment - 04/Jul/2011 7:47 AM This one should have been fixed by my fix for CONF-22132, which is in 3.5.7, but we need to double check.

Assignee:: Unassigned

Reporter:: Vincent Choy (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 18/May/2011 1:08 AM

Updated:: 11/Oct/2018 8:50 AM

Resolved:: 14/Mar/2012 2:51 AM

HTML file type attachments are automatically rendered in IE.

Steps to reproduce

[CONFSERVER-22529] HTML file type attachments are automatically rendered in IE.

Details

Description

Steps to reproduce

Attachments

Issue Links

Forms

Activity

[CONFSERVER-22529] HTML file type attachments are automatically rendered in IE.

Collapse comment: Anatoli added a comment - 14/Mar/2012 2:51 AM

Expand comment: Anatoli added a comment - 14/Mar/2012 2:51 AM

Collapse comment: David Black added a comment - 08/Mar/2012 1:53 AM

Expand comment: David Black added a comment - 08/Mar/2012 1:53 AM

Collapse comment: Richard Atkins added a comment - 04/Jul/2011 7:47 AM

Expand comment: Richard Atkins added a comment - 04/Jul/2011 7:47 AM

People

Dates