Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-39689

Rest API XSS

    XMLWordPrintable

Details

    Description

      An unauthenticated XSS vulnerability has been confirmed in confluence 5.8.15 and 5.8.14.

      The vulnerability is located at /rest/prototype/1/session/check/something

      POC URL:
      http://<server>/conf_path/rest/prototype/1/session/check/something%3Cimg%20src%3da%20onerror%3dalert%280%29%3E

      This was confirmed in the latest version of firefox.

      Attachments

        Issue Links

          incorporates

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-30792 Incorrect error message in session/check REST resource

          • Low - Low priority issues
          • Closed
          included in

          [JIRA] CPU-121 Confluence 6.0.0-OD-2015.49.1-0002

          [JIRA] CPU-139 Confluence 6.0.0-OD-2015.49.1-0003

          [JIRA] CPU-141 Confluence 6.0.0-OD-2015.50.1-0003

          mentioned in

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Activity

            People

              mtran@atlassian.com Minh Tran
              fa1767dc8cc8 Sebastian Perez
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: