[CONFSERVER-15883] XSS in concurrent edit notification - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 3.0-rc1
Affects Version/s: 3.0-beta3
Component/s: None
Labels:
- affects-server
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

If a page is being editted by

<script>alert('hacked')</script>

and another user edits it at the same time, they are vulnerable to a potential XSS attack.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

page-editor-210-patched.js
24 kB
17/Jun/2009 2:49 AM
page-editor-29-patched.js
22 kB
29/May/2009 1:17 AM

No work has yet been logged on this issue.

Assignee:: CharlesA

Reporter:: Andrew Lynch (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 26/May/2009 1:29 AM

Updated:: 11/Oct/2018 8:40 AM

Resolved:: 27/May/2009 7:09 AM