XSS in site search action

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • 2.9.2
    • Affects Version/s: 2.9
    • Component/s: None

      http://confluence.atlassian.com/dosearchsite.action?where=conf_all&queryString=%3Cscript%3Ealert('foo');%3C/script%3E

      queryString needs to be escaped.

      This problem is fixed if they turn on Anti-XSS mode. We still need to fix this as anti-xss is not on by default.

            Assignee:
            Chris Broadfoot [Atlassian]
            Reporter:
            dave (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: