Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-13043

XSS in pagetree plugin

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Highest Highest
    • 2.9.2, 2.10
    • 2.9, 2.9.1
    • None

    • using standalone 2.9.1 win 2003 prof, jdk 1.6
      also tested on 2.9 deployed in tomcat 6.0.18

      The pagetree plugin is vulnerable for XSS injecting the code in the treeId field.

      Example below:

      http://localhost:8080/plugins/pagetree/naturalchildren.action?decorator=none&excerpt=false&sort=position&reverse=false&hasRoot=true&pageId=393237&treeId=%22><script>alert(document.cookie)</script>&startDepth=0&ancestors=393238

      Note: this only works if the acestors and pageId are actual ids of pages in the system.

      IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the
      vulnerability to publicly available security forums such as CERT (www.cert.org). Our policy is to give
      you at least 30 days grace period prior to any public disclosure.

            [CONFSERVER-13043] XSS in pagetree plugin

            No work has yet been logged on this issue.

              bnguyen Brian Nguyen (Inactive)
              9454181e1678 Thomas Jaehnel
              Affected customers:
              0 This affects my team
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: