• Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Medium Medium
    • 3.0
    • 2.10.3
    • None
    • Server: QA-EAC 3.0-m9-r2
      OS: Mac OS X 10.5.6
      Browser: Safari 3.2.1 (5525.27.1)

      A custom message can be used for when no contributors are found, it can be used as a XSS vector: https://qa-eac.atlassian.com/confluence/display/~pdzwart/Contributors+Macro+noneFoundMessage+XSS

      Markup
      {contributors:noneFoundMessage=<iframe src="http://www.youtube.com/v/60og9gwKh1o&hl=en&fs=1&autoplay=1"></iframe>}

            [CONFSERVER-15399] Contributors Macro noneFoundMessage XSS Vector

            No work has yet been logged on this issue.

              akazatchkov Anatoli
              pdzwart PdZ (Inactive)
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: