Confluence Data Center / CONFSERVER-26342

There is a reflected XSS flaw in the dailysummary plugin's settings.action.


Details

    • Bug
    • Resolution: Fixed
    • Highest
    • 4.3.2
    • 4.2.11
    • None
    • fireball-164 – confluence 4.3-RC1 (apparently)

    Description

      There is a reflected XSS flaw in the dailysummary plugin's settings.action, as the username parameter is not HTML-encoded before being rendered on the page.
      Here is an example of a reflected XSS payload (it adds a picture of a lolcat to the page).

      https://wpad.jira-dev.com/wiki/plugins/dailysummary/settings.action?setting=subscribe-to-recommended&value=false&token=&username=%22'x%3Cimg%20src=http://mintyferret.com/wp-content/uploads/2007/07/lolcat7.gif%3E
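To make the root cause concrete, here is an added Python example (not Confluence's own code) that parses the username parameter out of the proof-of-concept URL above and renders it through a buggy template beside the HTML-encoded fix; the template strings and function names are assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit

# The proof-of-concept URL quoted in the report. The username value decodes to
# "'x<img src=...>, which the unencoded page echoes back as live markup.
REPORT_URL = (
    "https://wpad.jira-dev.com/wiki/plugins/dailysummary/settings.action"
    "?setting=subscribe-to-recommended&value=false&token="
    "&username=%22'x%3Cimg%20src=http://mintyferret.com/wp-content/uploads/2007/07/lolcat7.gif%3E"
)


def username_from_url(url: str) -> str:
    """Return the decoded username query parameter, as the action would see it."""
    query = parse_qs(urlsplit(url).query)
    return query.get("username", [""])[0]


def render_vulnerable(username: str) -> str:
    """Hypothetical stand-in for the buggy template: raw parameter dropped into HTML."""
    return f"<p>Daily summary settings for {username}</p>"


def render_fixed(username: str) -> str:
    """Same template with the parameter HTML-encoded; quote=True also encodes ' and "."""
    return f"<p>Daily summary settings for {html.escape(username, quote=True)}</p>"


def reflects_markup(page: str, username: str) -> bool:
    """True if the raw parameter appears verbatim in the page, i.e. it was not encoded."""
    return username in page


if __name__ == "__main__":
    name = username_from_url(REPORT_URL)
    print("vulnerable:", render_vulnerable(name))  # <img ...> tag is live
    print("fixed:     ", render_fixed(name))       # &lt;img ...&gt; is inert text
```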

            People

              dblack David Black
              dblack David Black