- Bug
- Resolution: Fixed
- Highest
- 2.8
- None
The following create/edit page URLs are vulnerable through the parentPageString parameter:
- /pages/createpage.action
- /pages/docreatepage.action
- /pages/editpage.action
- /pages/doeditpage.action
Example of a maliciously crafted path:
/pages/doeditpage.action?pageId=12345&parentPageString=Home%22%3e%3cscript%3ealert("XSS")%3c%2fscript%3e
where 12345 is a valid page id.
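A log check for the request pattern described above, as an added example that is not part of the original report or of Confluence itself: it scans access-log lines for the four listed actions and flags any parentPageString value that, once percent-decoded, contains characters able to close an HTML attribute or open a tag. The Common Log Format layout, the sample lines, and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Action paths from the report (spelled as in the report's example URL).
ACTIONS = (
    "/pages/createpage.action",
    "/pages/docreatepage.action",
    "/pages/editpage.action",
    "/pages/doeditpage.action",
)
PARAM = "parentPageString"
MARKUP = set("\"'<>")  # can terminate an attribute value or start a tag


def suspicious_value(request_target):
    """Return the decoded parentPageString if it carries markup, else None."""
    parts = urlsplit(request_target)
    # endswith() so a deployment under a context path still matches (assumption).
    if not parts.path.lower().endswith(ACTIONS):
        return None
    # parse_qs percent-decodes, so %22%3e%3cscript%3e is inspected as "><script>
    for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        if MARKUP & set(value):
            return value
    return None


def scan(log_lines):
    """Return [(line_number, decoded_value)] for flagged requests."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        try:
            # Common Log Format (assumed): request line is the first quoted field.
            target = line.split('"', 2)[1].split(" ")[1]
        except IndexError:
            continue  # malformed line, nothing to inspect
        value = suspicious_value(target)
        if value is not None:
            hits.append((number, value))
    return hits


SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /pages/editpage.action?pageId=12345 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /pages/doeditpage.action?pageId=12345&parentPageString=Home%22%3e%3cscript%3ealert(%22XSS%22)%3c%2fscript%3e HTTP/1.1" 200 5300',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /pages/createpage.action?parentPageString=Release+Notes HTTP/1.1" 200 4800',
]
```

Only query-string parameters are visible in access logs, so values submitted in a POST body are not covered, and page titles that legitimately contain a quote or angle bracket will also be flagged.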
- is a regression of CONFSERVER-11027 XSS vulnerabilities in create/edit/copy page and blogpost actions (Closed)
[CONFSERVER-11985] XSS vulnerability in create/edit/copy page and blogpost actions
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |