Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-11808

XSS in DWR

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: High High
    • 2.10
    • 2.7.3
    • None

    • Debian 4.0
      java version "1.5.0_14"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
      Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)
      Tomcat 5.5

      Confluence still uses DWR 1.1.4. This version contains a Cross Site Scripting Vulnerability in the handling of error messages. Example

      /confluence/dwr/exec/AjaxUserProfileEditor.getPreferenceUserEditWysiwyg.dwr?callCount=1&c0-scriptName=AjaxUserProfileEditor&c0-methodName=getPreferenceUsertest&c0-id=');</script>a<script>Evil_Script</script>

      Maybe this bug is already known, getahead.org says that "DWR version 2.0.1 and before contained 2 XSS vulnerabilities". Perhaps this is one of them.

      Kind regards
      Bjoern Froebe

        1. 2.9.2.zip
          454 kB

            [CONFSERVER-11808] XSS in DWR

            Katherine Yabut made changes -
            Workflow Original: JAC Bug Workflow v3 [ 2887661 ] New: CONFSERVER Bug Workflow v4 [ 2999224 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow v2 [ 2796338 ] New: JAC Bug Workflow v3 [ 2887661 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow [ 2726544 ] New: JAC Bug Workflow v2 [ 2796338 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2390697 ] New: JAC Bug Workflow [ 2726544 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 2270026 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2390697 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2220572 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 2270026 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2160243 ] New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2220572 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 1945820 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2160243 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v3 [ 1742173 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 1945820 ]
            Katherine Yabut made changes -
            Workflow Original: CONF Bug Subtask WF (TEMP) [ 1702857 ] New: Confluence Workflow - Public Facing - Restricted v3 [ 1742173 ]

              mjensen m@ (Inactive)
              e14a1dca601b Bjoern Froebe
              Affected customers:
              0 This affects my team
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: