Details
- Bug
- Resolution: Fixed
- High
- 4.3.1
- None
- 6.5
Description
The parent title of a Confluence page is not HTML-encoded when displayed in removepage.action; this results in a persistent XSS vector.
Steps to reproduce:
1. Add a page with a title of "" <script>alert(3);</script>
2. From the Add menu select "Add page" (so it is a child of the first page)
3. Save the new page (child)
4. On the child page, from the tools menu select "remove"
5. See an alert dialogue with the number 3 in it.
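
The missing output encoding described above can be modelled as a regression check. This is an added example, not Confluence's code: the template fragment, the function names and the allowed-tag set are assumptions, since the report does not show the real removepage.action template. It renders the confirmation fragment with and without encoding of the parent title, then parses the result to see whether the title introduced any element of its own.

```python
import html
from html.parser import HTMLParser

# Constructed input: the parent page title from step 1 of the report.
PARENT_TITLE = '"" <script>alert(3);</script>'

# Hypothetical stand-in for the confirmation markup (assumption).
TEMPLATE = (
    '<div class="confirm">'
    '<p>Remove "{child}"?</p>'
    '<p>Parent page: <span class="parent">{parent}</span></p>'
    '</div>'
)
# Tags the template itself emits; anything else came from user data.
ALLOWED_TAGS = {"div", "p", "span"}


def render(child_title, parent_title, encode_parent):
    """Render the fragment; encode_parent=False models the reported bug."""
    parent = html.escape(parent_title, quote=True) if encode_parent else parent_title
    return TEMPLATE.format(child=html.escape(child_title, quote=True), parent=parent)


class _Collector(HTMLParser):
    """Records start tags and decoded text as a browser-like parser sees them."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def inspect(markup):
    """Return (tags not emitted by the template, visible text) for the markup."""
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    injected = [t for t in collector.tags if t not in ALLOWED_TAGS]
    return injected, "".join(collector.text)


if __name__ == "__main__":
    for encode in (False, True):
        injected, text = inspect(render("Child", PARENT_TITLE, encode))
        print(f"encode_parent={encode}: injected tags={injected}")
```

With encoding applied, the title still appears verbatim in the visible text, so the check confirms both that no element was injected and that the stored title is displayed unchanged.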