Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 4.3.1
Affects Version/s: 4.2.7
Component/s: None
Labels:
- affects-server
- cvss-high
- editor
- security
- team-muppets
- verified
- xss

CVSS Score:
6.5
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

From: OFFCONN-81:

Using "office excel"-macro (as part of viewfile, which is part of office connector plugin) seems to open up the possibility to get injected with XSS-code.

Steps to reproduce:

1.) Create an excel-file with following content in one cell:

'"><script>alert('XSS')</script><

2.) Attach this file to a confluence page

3.) Go into edit mode

4.) Use the "office excel" macro and choose the excel file

5.) Click "save"

Result:

An XSS-message appears

Attachments

Issue Links

mentioned in: Wiki Page Loading...

Activity

People

Assignee:: Niraj Bhawnani

Reporter:: Kai Gottschalk

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 03/Jul/2012 7:08 AM

Updated:: 11/Oct/2018 8:54 AM

Resolved:: 27/Aug/2012 7:31 AM