XSS in site search action

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • 2.9.2
    • Affects Version/s: 2.9
    • Component/s: None

      http://confluence.atlassian.com/dosearchsite.action?where=conf_all&queryString=%3Cscript%3Ealert('foo');%3C/script%3E

      queryString needs to be escaped.

      This problem is fixed if they turn on Anti-XSS mode. We still need to fix this as anti-xss is not on by default.

              Assignee:
              Chris Broadfoot [Atlassian]
              Reporter:
              dave (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: