Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-11027

XSS vulnerabilities in create/edit/copy page and blogpost actions

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Medium
    • Resolution: Fixed
    • 2.1.5, 2.2.10, 2.3.3, 2.4.5, 2.5.8, 2.6.2, 2.7.2
    • 2.7.3
    • None

    Description

      The following create/edit page URL's are vulnerable:

      • /pages/createpage.action
      • /pages/docreatepage.action
      • /pages/editpage.action
      • /pages/doeditepage.action

      on parentPageString, mode, labelsString, captchaId

      The following create/edit blogpost URL's are vulnerable:

      • /pages/createblogpost.action
      • /pages/docreateblogpost.action
      • /pages/editblogpost.action
      • /pages/doeditblogpost.action

      on mode, labelsString, title, captchaId

      The following copy page URL's are vulnerable:

      • /pages/copypage.action
      • /pages/docopypage.action

      on parentPageString, mode, labelsString, captchaId

      The following comment action URL's are vulnerable:

      • pages/addcomment.action
      • pages/doaddcomment.action

      on mode and captchaId

      Attachments

        1. createblogpost-form.vm
          3 kB
        2. macros.vm
          123 kB
        3. page-labels-form.vm
          3 kB
        4. page-location-form.vm
          4 kB
        5. wiki-textarea.vm
          27 kB

        Issue Links

          Activity

            People

              cbroadfoot Chris Broadfoot [Atlassian]
              dave@atlassian.com dave (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: