Contributors Macro noneFoundMessage XSS Vector

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • 3.0
    • Affects Version/s: 2.10.3
    • Component/s: None
    • Environment:

      Server: QA-EAC 3.0-m9-r2
      OS: Mac OS X 10.5.6
      Browser: Safari 3.2.1 (5525.27.1)

      A custom message can be used for when no contributors are found, it can be used as a XSS vector: https://qa-eac.atlassian.com/confluence/display/~pdzwart/Contributors+Macro+noneFoundMessage+XSS

      Markup
      {contributors:noneFoundMessage=<iframe src="http://www.youtube.com/v/60og9gwKh1o&hl=en&fs=1&autoplay=1"></iframe>}

        1. contributors-1.2.3.jar
          67 kB
          Andrew Lynch

            Assignee:
            Anatoli
            Reporter:
            PdZ (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: