Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-11808

XSS in DWR

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • High
    • 2.10
    • 2.7.3
    • None

    • Debian 4.0
      java version "1.5.0_14"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
      Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)
      Tomcat 5.5

    Description

      Confluence still uses DWR 1.1.4. This version contains a Cross Site Scripting Vulnerability in the handling of error messages. Example

      /confluence/dwr/exec/AjaxUserProfileEditor.getPreferenceUserEditWysiwyg.dwr?callCount=1&c0-scriptName=AjaxUserProfileEditor&c0-methodName=getPreferenceUsertest&c0-id=');</script>a<script>Evil_Script</script>

      Maybe this bug is already known, getahead.org says that "DWR version 2.0.1 and before contained 2 XSS vulnerabilities". Perhaps this is one of them.

      Kind regards
      Bjoern Froebe

      Attachments

        1. 2.9.2.zip
          454 kB

        Activity

          People

            mjensen m@ (Inactive)
            e14a1dca601b Bjoern Froebe
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: