Confluence Cloud / CONFCLOUD-54078

XSS in page editor via Shortcut links

Description

Steps to reproduce:
1. Add a new shortcut with a default alias like "<img src=x onerror=alert(1)>".
2. By typing [searchterms@alias_name] in the page editor, you can trigger XSS.

By replacing an existing shortcut with a malicious one, we can easily exploit multiple users using this functionality.
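The rendering flaw described in this report, shown as an added example that is not part of the original issue and is not Atlassian's code: a shortcut link is expanded to an anchor, once with the stored default alias concatenated as-is and once with output encoding. The shortcut table, the function names, the example.invalid URLs and the assumption that the default alias becomes the link text are all constructed for illustration.

```javascript
// Constructed shortcut table (assumption): key -> URL template + default alias.
// The "evil" entry stores the default alias quoted in the report.
const shortcuts = new Map([
  ["wiki", { url: "https://example.invalid/search?q=%s", defaultAlias: "Wiki search" }],
  ["evil", { url: "https://example.invalid/search?q=%s", defaultAlias: "<img src=x onerror=alert(1)>" }],
]);

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode text for an HTML element body or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Parse "[searchterms@shortcut]"; returns null for anything else.
function parseShortcutLink(markup) {
  const m = /^\[([^\[\]@]*)@([A-Za-z0-9_-]+)\]$/.exec(markup);
  return m ? { terms: m[1], key: m[2] } : null;
}

// Substitute the URL-encoded search terms into the shortcut's URL template.
function buildHref(template, terms) {
  return template.replace("%s", () => encodeURIComponent(terms));
}

// Unsafe: the stored default alias reaches the editor's HTML unencoded,
// so markup saved by whoever configured the shortcut is parsed as HTML.
function renderUnsafe(markup) {
  const link = parseShortcutLink(markup);
  const sc = link && shortcuts.get(link.key);
  if (!sc) return escapeHtml(markup);
  return `<a href="${buildHref(sc.url, link.terms)}">${sc.defaultAlias}</a>`;
}

// Hardened: stored and typed values are both encoded for their output context.
function renderSafe(markup) {
  const link = parseShortcutLink(markup);
  const sc = link && shortcuts.get(link.key);
  if (!sc) return escapeHtml(markup);
  const href = escapeHtml(buildHref(sc.url, link.terms));
  return `<a href="${href}">${escapeHtml(sc.defaultAlias)}</a>`;
}
```

Because the alias is stored once and rendered for every editor who uses the shortcut, the encoding has to happen at render time; validating the alias only when it is saved leaves previously stored values exploitable.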

Dates

Last commented: 4 years, 43 weeks, 5 days ago