Details
-
Bug
-
Resolution: Fixed
-
Medium
-
5.1.4, 5.2-OD-14
-
None
-
5.3-CDOG-3353
-
7.5
-
Description
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.
Filed by vosipov on behalf of write.muhammadwaqar.
http://$hostname/dashboard/doconfigurerssfeed.action?types=page&pageSubTypes=comment&pageSubTypes=attachment&types=blogpost&blogpostSubTypes=comment&blogpostSubTypes=attachment&types=mail&spaces=conf_all&title=%23%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%281%29%3B%3E&labelString=%23%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%281%29%3B%3E&excludedSpaceKeys=&sort=modified&maxResults=11&timeSpan=5&showContent=true&showDiff=true&confirm=Create+RSS+Feed
Works in Firefox.
note title and labelstring parameters need encoding.
Attachments
Issue Links
- is related to
-
CONFSERVER-8993 Reflected XSS Vulnerability in the Feed Builder
- Closed
- relates to
-
CONFCLOUD-30240 XSS in doconfigurerssfeed.action
- Closed
- mentioned in
-
Wiki Page Loading...