XSS vulnerabilities in create/edit/copy page and blogpost actions


    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • 2.7.3
    • Affects Version/s: 2.1.5, 2.2.10, 2.3.3, 2.4.5, 2.5.8, 2.6.2, 2.7.2
    • Component/s: None

      The following create/edit page URLs are vulnerable:

      • /pages/createpage.action
      • /pages/docreatepage.action
      • /pages/editpage.action
      • /pages/doeditepage.action

      on parentPageString, mode, labelsString, captchaId

      The following create/edit blogpost URLs are vulnerable:

      • /pages/createblogpost.action
      • /pages/docreateblogpost.action
      • /pages/editblogpost.action
      • /pages/doeditblogpost.action

      on mode, labelsString, title, captchaId

      The following copy page URLs are vulnerable:

      • /pages/copypage.action
      • /pages/docopypage.action

      on parentPageString, mode, labelsString, captchaId

      The following comment action URLs are vulnerable:

      • pages/addcomment.action
      • pages/doaddcomment.action

      on mode and captchaId

        1. createblogpost-form.vm
          3 kB
        2. macros.vm
          123 kB
        3. page-labels-form.vm
          3 kB
        4. page-location-form.vm
          4 kB
        5. wiki-textarea.vm
          27 kB

            Assignee:
            Chris Broadfoot [Atlassian]
            Reporter:
            dave (Inactive)