Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-12944

XSS in site search action

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Medium Medium
    • 2.9.2
    • 2.9
    • None

      http://confluence.atlassian.com/dosearchsite.action?where=conf_all&queryString=%3Cscript%3Ealert('foo');%3C/script%3E

      queryString needs to be escaped.

      This problem is fixed if they turn on Anti-XSS mode. We still need to fix this as anti-xss is not on by default.

            [CONFSERVER-12944] XSS in site search action

            Katherine Yabut made changes -
            Workflow Original: JAC Bug Workflow v3 [ 2877223 ] New: CONFSERVER Bug Workflow v4 [ 2984507 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow v2 [ 2777308 ] New: JAC Bug Workflow v3 [ 2877223 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow [ 2714669 ] New: JAC Bug Workflow v2 [ 2777308 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2380568 ] New: JAC Bug Workflow [ 2714669 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 2271928 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2380568 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2216544 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 2271928 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2168528 ] New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2216544 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 1927817 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2168528 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v3 [ 1728894 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 1927817 ]
            Katherine Yabut made changes -
            Workflow Original: CONF Bug Subtask WF (TEMP) [ 1686288 ] New: Confluence Workflow - Public Facing - Restricted v3 [ 1728894 ]

              cbroadfoot Chris Broadfoot [Atlassian]
              dave@atlassian.com dave (Inactive)
              Affected customers:
              0 This affects my team
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: