[CONFCLOUD-54078] XSS in page editor via Shortcut links - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Medium
Resolution: Fixed
Component/s: None
Labels:

CVSS Score:
6
Bug Fix Policy:
View Atlassian Cloud bug fix policy

Description

Steps to reproduce:
1. add new shortcuts with default alias like "<img src=x onerror=alert(1)>".
2. by typing [searchterms@alias_name] in page editor you can trigger XSS

By replacing existing shortcut with malicious one, we can easily exploit multiple users using this functionality.

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Tin Vuu (Inactive)

Reporter:: Michał Marek

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 20/Oct/2014 8:42 PM

Updated:: 22/Aug/2019 4:03 AM

Resolved:: 03/Nov/2014 2:24 AM