XSS vulnerability in create/edit/copy page and blogpost actions

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Highest
    • 2.8.2
    • Affects Version/s: 2.8
    • Component/s: None

      The following create/edit page URL's are vulnerable:

      • /pages/createpage.action
      • /pages/docreatepage.action
      • /pages/editpage.action
      • /pages/doeditepage.action

      on parentPageString

      Example of a maliciously crafted path:
      /pages/doeditpage.action?pageId=12345&parentPageString=Home%22%3e%3cscript%3ealert("XSS")%3c%2fscript%3e

      where 12345 is a valid page id.

      Patch instructions for 2.8.x

      1. Shut down Confluence
      2. Copy attached content-editor.vm to confluence/template/custom
      3. Start up Confluence

        1. content-editor.vm
          9 kB
          Chris Broadfoot [Atlassian]

            Assignee:
            Don Willis
            Reporter:
            James Rinker
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: