Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-31087

XSS in reorder panel

    XMLWordPrintable

Details

    Description

      To reproduce:
      1. Open a confluence instance in Firefox.
      2. Create a space with key "TEST".
      3. Create a page in that space called "<script>alert(0)</script>".
      4. Create two pages with the page from step 3 as their parent.
      5. Go to:

      [base path]/panels/reorderpage.action?panelName=reorder&spaceKey=TEST&title=%3Cscript%3Ealert%280%29%3C/script%3E&movedPageId=0&pageTitle=

      An alert should open. The strings in steps 2 and 3 are only important in that they need to match the URL (any space or XSS string can be used).

      See reorder-page.vm, line 10.

      Attachments

        Activity

          People

            psaw PatrickA
            djohnson@atlassian.com Dougall Johnson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: