IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.

    • Type: Bug
    • Resolution: Fixed
    • Priority: High
    • 2.10
    • 2.7.3
    • None
    • Environment: Debian 4.0
      java version "1.5.0_14"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
      Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)
      Tomcat 5.5

      Confluence still uses DWR 1.1.4. This version contains a cross-site scripting vulnerability in the handling of error messages. Example:

      /confluence/dwr/exec/AjaxUserProfileEditor.getPreferenceUserEditWysiwyg.dwr?callCount=1&c0-scriptName=AjaxUserProfileEditor&c0-methodName=getPreferenceUsertest&c0-id=');</script>a<script>Evil_Script</script>

      Maybe this bug is already known; getahead.org says that "DWR version 2.0.1 and before contained 2 XSS vulnerabilities". Perhaps this is one of them.

      Kind regards
      Bjoern Froebe

      Attachment: 2.9.2.zip (454 kB)
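The reflection pattern behind the report above, as an added example that is not DWR's or Confluence's code: a request parameter is pasted into a JavaScript string literal inside a `<script>` block of an error response, so a value ending the literal and the element lets the rest of the parameter be parsed as HTML. The handler name `handleError`, the response template, the query helpers and the constructed query string are assumptions made for illustration; only the escaping rule and the `<script>`-count check are meant to transfer.

```javascript
'use strict';

// Constructed input: the query string from the report, with the path removed.
const REPORTED_QUERY =
  "callCount=1&c0-scriptName=AjaxUserProfileEditor" +
  "&c0-methodName=getPreferenceUsertest" +
  "&c0-id=');</script>a<script>Evil_Script</script>";

// Hypothetical helper: split a DWR-style query string into a plain object.
function parseQuery(qs) {
  return Object.fromEntries(new URLSearchParams(qs));
}

// Vulnerable pattern (hypothetical template, not DWR's real code): the batch
// id and the unknown method name are concatenated verbatim into a JS string
// literal that lives inside a <script> element. A value containing
// ');</script> closes the literal, the call and the element, and whatever
// follows is handed to the HTML parser as markup.
function vulnerableErrorResponse(params) {
  const id = params['c0-id'] || '';
  const method = params['c0-methodName'] || '';
  return "<script>handleError('" + id + "', 'Method not found: " + method + "');</script>";
}

// JS string-literal escaping: every character outside a small allowlist is
// emitted as \uXXXX, so quotes, backslashes, '<', '>', '/' and line
// terminators (including U+2028/U+2029) can neither close the literal nor
// form a </script> sequence. Surrogate halves are escaped individually,
// which is valid inside a JS string literal.
function jsStringEscape(value) {
  return String(value).replace(/[^A-Za-z0-9 _.,:-]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hardened form of the same template: same output shape, escaped values.
function hardenedErrorResponse(params) {
  const id = jsStringEscape(params['c0-id'] || '');
  const method = jsStringEscape(params['c0-methodName'] || '');
  return "<script>handleError('" + id + "', 'Method not found: " + method + "');</script>";
}

// Oracle for a script-context reflection: the response must contain exactly
// as many <script> elements as the template itself (one here). Any extra one
// originated in attacker-controlled input.
function countScriptElements(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Run both variants against the reported payload and return the counts.
function demo() {
  const params = parseQuery(REPORTED_QUERY);
  return {
    vulnerable: countScriptElements(vulnerableErrorResponse(params)),
    hardened: countScriptElements(hardenedErrorResponse(params)),
  };
}

console.log(demo());
```

The allowlist escape is deliberately broader than "escape the quote": HTML-escaping alone would not help here, because the browser's HTML parser ends the `<script>` element on `</script>` before the JavaScript engine ever sees the string literal, so `<`, `>` and `/` have to be neutralised at the JavaScript level as well.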


Assignee: mjensen (Inactive)
Reporter: Bjoern Froebe