Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-47387

Persistent xss flaw in the revision history (of comments).

XMLWordPrintable

      NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report.

      Whilst a comment is html encoded /sanitized when displayed within an answer to a question the revision history page for an edited comment does not sanitize or html encode the content of the current and previous comments. Therefore an attacker can exploit this issue to craft a persistent xss attack.

              jclark@atlassian.com Joe Clark
              dblack David Black
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: