- Bug
- Resolution: Fixed
- Highest
- 2.10
Use the following markup on a page:
text
{noformat}><script>alert('XSS')</script><b a=a{noformat}
On another page in the same space, use the {index} macro. When this page is loaded by a user, the script will run.
See here for a working example on QA-CAC.
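The following is an added example, not Confluence's code and not part of the original report. It assumes a hypothetical index renderer that copies text taken from other pages into its HTML listing (the macro's real template is not shown here), and compares that with the same renderer escaping every page-derived value on output. The function names, the sample URL and the `Audit` helper are all constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the report above (stored on another page in the space).
PAYLOAD = "><script>alert('XSS')</script><b a=a"


def render_index_unsafe(entries):
    """Hypothetical index renderer: page text is concatenated into HTML as-is."""
    items = ['<li><a href="%s">%s</a></li>' % (url, text) for url, text in entries]
    return "<ul>" + "".join(items) + "</ul>"


def render_index_safe(entries):
    """Same listing, with every page-derived value HTML-escaped on output."""
    items = [
        '<li><a href="%s">%s</a></li>'
        % (html.escape(url, quote=True), html.escape(text, quote=True))
        for url, text in entries
    ]
    return "<ul>" + "".join(items) + "</ul>"


class Audit(HTMLParser):
    """Records which elements and which text an HTML parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def audit(markup):
    parser = Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, "".join(parser.text)


ENTRIES = [("/display/DEMO/Page", PAYLOAD)]  # constructed sample entry

if __name__ == "__main__":
    for render in (render_index_unsafe, render_index_safe):
        tags, text = audit(render(ENTRIES))
        print(render.__name__, "script" in tags, repr(text))
```

In the escaped listing the stored text is still displayed exactly as the author typed it, but it no longer creates any elements of its own.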
- is duplicated by
- CONFSERVER-6990 Javascript in wiki page executed by {index}
- Closed
[CONFSERVER-14753] XSS vulnerability can be exploited with the Page Index macro
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |