Details
- Bug
- Resolution: Fixed
- Highest
- 2.8
- None
Description
The following create/edit page URLs are vulnerable through the parentPageString parameter:
- /pages/createpage.action
- /pages/docreatepage.action
- /pages/editpage.action
- /pages/doeditpage.action
Example of a maliciously crafted path:
/pages/doeditpage.action?pageId=12345&parentPageString=Home%22%3e%3cscript%3ealert("XSS")%3c%2fscript%3e
where 12345 is a valid page id.
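A regression check for this reflection, added here as an example and not taken from the original report or the product's code. It assumes parentPageString is written into a double-quoted HTML attribute (the report does not show the markup); the form markup and all function names are hypothetical.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# The crafted path from the report above (12345 stands for a valid page id).
CRAFTED = ('/pages/doeditpage.action?pageId=12345&parentPageString='
           'Home%22%3e%3cscript%3ealert("XSS")%3c%2fscript%3e')

def submitted_value(path, param="parentPageString"):
    """URL-decode the parameter as the server would receive it."""
    return parse_qs(urlsplit(path).query)[param][0]

def render_unsafe(value):
    # Assumed shape of the vulnerable output: raw interpolation into an attribute.
    return '<form><input name="parentPageString" value="%s"></form>' % value

def render_encoded(value):
    # Same markup with HTML attribute encoding (quote=True also escapes " and ').
    return ('<form><input name="parentPageString" value="%s"></form>'
            % escape(value, quote=True))

class _Audit(HTMLParser):
    """Collects every start tag and the value attribute of the reflected field."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.field_value = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "parentPageString":
            self.field_value = attrs.get("value")

def reflection_is_safe(body, value):
    """True when the value survives only as attribute data and adds no elements."""
    audit = _Audit()
    audit.feed(body)
    audit.close()
    return audit.field_value == value and audit.tags == ["form", "input"]

if __name__ == "__main__":
    v = submitted_value(CRAFTED)
    print("decoded value:     ", v)
    print("raw output safe?   ", reflection_is_safe(render_unsafe(v), v))
    print("encoded output safe?", reflection_is_safe(render_encoded(v), v))
```

The same `reflection_is_safe` check can be pointed at saved responses from each of the four actions listed above, with the expected tag list adjusted to the real page markup.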
Issue Links
- is a regression of: CONFSERVER-11027 XSS vulnerabilities in create/edit/copy page and blogpost actions (Closed)