Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Component/s: None
Labels:

CVSS Score:
6
Bug Fix Policy:
View Atlassian Cloud bug fix policy

Description

Steps to reproduce:
1. add new shortcuts with default alias like "<img src=x onerror=alert(1)>".
2. by typing [searchterms@alias_name] in page editor you can trigger XSS

By replacing existing shortcut with malicious one, we can easily exploit multiple users using this functionality.

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Tin Vuu (Inactive)

Reporter:: Michał Marek

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 20/Oct/2014 8:42 PM

Updated:: 22/Aug/2019 4:03 AM

Resolved:: 03/Nov/2014 2:24 AM