Details
-
Bug
-
Resolution: Fixed
-
Medium
-
2.1.5, 2.2.10, 2.3.3, 2.4.5, 2.5.8, 2.6.2, 2.7.2
-
None
Description
The following create/edit page URL's are vulnerable:
- /pages/createpage.action
- /pages/docreatepage.action
- /pages/editpage.action
- /pages/doeditepage.action
on parentPageString, mode, labelsString, captchaId
The following create/edit blogpost URL's are vulnerable:
- /pages/createblogpost.action
- /pages/docreateblogpost.action
- /pages/editblogpost.action
- /pages/doeditblogpost.action
on mode, labelsString, title, captchaId
The following copy page URL's are vulnerable:
- /pages/copypage.action
- /pages/docopypage.action
on parentPageString, mode, labelsString, captchaId
The following comment action URL's are vulnerable:
- pages/addcomment.action
- pages/doaddcomment.action
on mode and captchaId
Attachments
Issue Links
- has a regression in
-
CONFSERVER-11985 XSS vulnerability in create/edit/copy page and blogpost actions
- Closed