CONFSERVER-14753

XSS vulnerability can be exploited with the Page Index macro

      Use the following markup on a page:

      text
      {noformat}><script>alert('XSS')</script><b a=a{noformat}

      On another page in the same space, use the {index} macro. When this page is loaded by a user, the script will run.

      See here for a working example on QA-CAC.
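
The behaviour reported above means page content reaches the index output without HTML encoding. The following is an added example, not Atlassian's code: `render_index` and `audit` are hypothetical names, and the list layout of the index output is an assumption. It renders a simplified index with and without output encoding, then parses the result to count the script elements a browser would create.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample pages; the second excerpt is the markup from the report.
PAGES = [
    {"title": "Release notes", "excerpt": "Changes in this release"},
    {"title": "text", "excerpt": "><script>alert('XSS')</script><b a=a"},
]


def render_index(pages, encode):
    """Hypothetical index renderer: one list item per page, title plus excerpt.

    encode=False mimics output that trusts page content as HTML;
    encode=True HTML-encodes every page-derived value before output.
    """
    enc = escape if encode else (lambda value: value)
    items = [
        "<li><b>%s</b> <span>%s</span></li>" % (enc(p["title"]), enc(p["excerpt"]))
        for p in pages
    ]
    return "<ul>\n%s\n</ul>" % "\n".join(items)


class _Audit(HTMLParser):
    """Records the elements and text that parsing the markup produces."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def audit(markup):
    """Return (number of <script> elements, concatenated text) for markup."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags.count("script"), "".join(parser.text)


if __name__ == "__main__":
    for encode in (False, True):
        scripts, _ = audit(render_index(PAGES, encode))
        print("encode=%s -> script elements: %d" % (encode, scripts))
```

With encoding enabled the excerpt is displayed as literal text, so the same parse check can serve as a regression test for any macro that aggregates content from other pages.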


              alynch Andrew Lynch (Inactive)
              mhrynczak Mark Hrynczak (Inactive)