Confluence Cloud / CONFCLOUD-54078

XSS in page editor via Shortcut links

    Details

      Description

      Steps to reproduce:
      1. Add new shortcuts with a default alias like "<img src=x onerror=alert(1)>".
      2. By typing [searchterms@alias_name] in the page editor, you can trigger XSS.

      By replacing an existing shortcut with a malicious one, we can easily exploit multiple users using this functionality.

              People

              Assignee:
              tvuu Tin Vuu (Inactive)
              Reporter:
              michal.marek Michał Marek

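The class of bug reported above, shown as an added example that is not Confluence's own code: a renderer that expands `[searchterms@key]` and inserts the stored default alias as link text, first without and then with output encoding. The shortcut fields (`expandedUrl`, `defaultAlias`), the `%s` placeholder handling and all function names are assumptions made for illustration.

```javascript
// Added example, not Confluence code. Field and function names are assumptions.
const shortcuts = new Map([
  // Constructed sample data; the second alias is the string from the report.
  ["google", { expandedUrl: "https://www.google.com/search?q=%s", defaultAlias: "Search for %s" }],
  ["evil", { expandedUrl: "https://example.com/?q=%s", defaultAlias: "<img src=x onerror=alert(1)>" }],
]);

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Parse "[searchterms@key]" into its two parts, or return null.
function parseShortcut(markup) {
  const m = /^\[([^\]@]*)@([^\]@]+)\]$/.exec(markup);
  return m ? { term: m[1], key: m[2] } : null;
}

// Before: the stored alias is concatenated into markup unencoded,
// so an alias containing HTML becomes live markup for every editor user.
function renderUnsafe(markup) {
  const p = parseShortcut(markup);
  const s = p && shortcuts.get(p.key);
  if (!s) return escapeHtml(markup);
  const href = s.expandedUrl.replace("%s", () => encodeURIComponent(p.term));
  return `<a href="${href}">${s.defaultAlias.replace("%s", () => p.term)}</a>`;
}

// After: every stored or typed value is encoded for the context it lands in.
function renderSafe(markup) {
  const p = parseShortcut(markup);
  const s = p && shortcuts.get(p.key);
  if (!s) return escapeHtml(markup);
  const href = s.expandedUrl.replace("%s", () => encodeURIComponent(p.term));
  // Only http(s) targets are linked; anything else is shown as plain text.
  if (!/^https?:\/\//i.test(href)) return escapeHtml(markup);
  const label = s.defaultAlias.replace("%s", () => p.term);
  return `<a href="${escapeHtml(href)}">${escapeHtml(label)}</a>`;
}
```

In a browser editor the same effect comes from assigning the alias through `textContent` rather than building HTML strings; validating the alias when the shortcut is saved adds a second layer but does not replace encoding at render time.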