  1. Confluence Cloud
  2. CONFCLOUD-54078

XSS in page editor via Shortcut links


Steps to reproduce:
1. Add a new shortcut with a default alias like "<img src=x onerror=alert(1)>".
2. By typing [searchterms@alias_name] in the page editor, you can trigger XSS.

By replacing an existing shortcut with a malicious one, we can easily exploit multiple users using this functionality.

              tvuu Tin Vuu (Inactive)
              michal.marek Michał Marek
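As an added illustration (not code from this ticket or from Atlassian), the sketch below shows the class of bug reported above: a stored shortcut alias written into editor HTML without output encoding, next to a renderer that encodes it. The shortcut table, its field names and all function names are assumptions made for the example.

```javascript
// Hypothetical shortcut table: key -> { url, defaultAlias }.
// Illustrative only; not Confluence's real data model.
const shortcuts = new Map([
  ["google", { url: "https://www.google.com/search?q=%s", defaultAlias: "Google search" }],
  // Constructed entry carrying the alias from step 1 of the report.
  ["evil", { url: "https://example.com/?q=%s", defaultAlias: "<img src=x onerror=alert(1)>" }],
]);

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Parse "[searchterms@key]"; returns null when the markup is not a shortcut link.
function parseShortcut(markup) {
  const m = /^\[([^\]@]*)@([^\]@]+)\]$/.exec(markup);
  return m ? { terms: m[1], key: m[2] } : null;
}

// Vulnerable pattern: the stored alias is concatenated into HTML as-is,
// so markup in the alias becomes live DOM for every user of the shortcut.
function renderUnsafe(markup) {
  const p = parseShortcut(markup);
  const s = p && shortcuts.get(p.key);
  if (!s) return escapeHtml(markup);
  const href = s.url.replace("%s", encodeURIComponent(p.terms));
  return `<a href="${href}">${s.defaultAlias}</a>`;
}

// Hardened pattern: every stored value is encoded for the context it lands in,
// and the expanded URL must use an http(s) scheme.
function renderSafe(markup) {
  const p = parseShortcut(markup);
  const s = p && shortcuts.get(p.key);
  if (!s) return escapeHtml(markup);
  const href = s.url.replace("%s", encodeURIComponent(p.terms));
  if (!/^https?:\/\//i.test(href)) return escapeHtml(markup);
  return `<a href="${escapeHtml(href)}">${escapeHtml(s.defaultAlias)}</a>`;
}
```

Encoding at render time matters here because the alias is shared configuration: validating it only when the shortcut is created would leave already-stored values unprotected.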