[CONFSERVER-15402] XSS vulnerability can be exploited with the viewppt macro - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 3.0-beta3
Affects Version/s: 3.0-m9
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Upload a file test.ppt

Use markup:

{viewppt:test.ppt|height=<script>alert("xss")</script>|width=<script>alert("xss")</script>}

The scripts will be executed when the page is loaded.

Assignee:: m@ (Inactive)

Reporter:: Mark Hrynczak (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 29/Apr/2009 8:53 AM

Updated:: 11/Oct/2018 8:39 AM

Resolved:: 22/May/2009 1:22 AM