Details
- Bug
- Resolution: Fixed
- Medium
- None
- 6.5
Description
The following i18n calls are passed unsafe variables. This means that while a vulnerability is not currently present in the English version, it is possible that vulnerabilities could exist in translations produced by well-meaning parties.
Additionally, seemingly safe changes to these i18n keys could introduce vulnerabilities which would not be picked up again by our scanner.
Unsafe i18n calls:
confluence-core/confluence-webapp/src/main/webapp/pages/removecomment.vm:
$action.getText("title.remove.comment", [$action.getPage().getTitle()])
confluence-core/confluence-webapp/src/main/webapp/template/includes/page-move-templates.vm:
$i18n.getText("move.page.dialog.location.description", [$page.title])
$i18n.getText('tip.edit.movepage.search', [$page.title])
These variables are currently unused in the English translations, so they could be removed. Alternatively, they could be escaped by replacing the lines with the following (respectively):
confluence-core/confluence-webapp/src/main/webapp/pages/removecomment.vm:
$action.getText("title.remove.comment", ["$action.getPage().getTitle()"])
confluence-core/confluence-webapp/src/main/webapp/template/includes/page-move-templates.vm:
$i18n.getText("move.page.dialog.location.description", ["$page.title"])
$i18n.getText('tip.edit.movepage.search', ["$page.title"])
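
The risk described above, as an added example that is not Confluence code: an argument the English string ignores is harmless until a translation references it. It assumes placeholder substitution in the style of `java.text.MessageFormat`; the bundle strings, the `xx` locale, the page title and the `htmlEscape` helper are all constructed for illustration.

```java
import java.text.MessageFormat;
import java.util.LinkedHashMap;
import java.util.Map;

public class I18nArgEscapingDemo {
    // Constructed message bundles for the key "title.remove.comment".
    // The English text ignores {0}; the hypothetical "xx" translation uses it.
    static final Map<String, String> PATTERNS = new LinkedHashMap<>();
    static {
        PATTERNS.put("en", "Remove Comment");
        PATTERNS.put("xx", "Remove comment on {0}");
    }

    // Minimal HTML escaper (hypothetical helper), standing in for the
    // escaping that the quoted-argument form is meant to provide.
    static String htmlEscape(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Stand-in for an i18n getText(key, args) call: look up and substitute.
    static String getText(String locale, Object... args) {
        return MessageFormat.format(PATTERNS.get(locale), args);
    }

    public static void main(String[] args) {
        String title = "Roadmap <b>2024</b>"; // constructed title containing markup
        for (String locale : PATTERNS.keySet()) {
            String raw = getText(locale, title);                 // argument passed as-is
            String escaped = getText(locale, htmlEscape(title)); // argument escaped first
            System.out.printf("%s raw:     %s%n", locale, raw);
            System.out.printf("%s escaped: %s%n", locale, escaped);
            System.out.printf("%s markup reaches output: %b%n", locale, raw.contains("<b>"));
        }
    }
}
```

Only the translated bundle carries the title's markup into the rendered string, which is why checking the English output alone does not show whether the call is safe.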