A user with username "><script>alert("foo")</script> that is linked to via [~username] markup results in script being executed.

      Curiously, viewing the space homepage of that user results in a blank page.

      This of course is prevented for public signup, but if the user gets created via other means, i.e. external user management, or via admin control panel then this is a valid point of attack

        1. CONF-15970-patches.zip
          25 kB
          Brian Nguyen

            [CONFSERVER-15970] XSS in user links

            Katherine Yabut made changes -
            Workflow Original: JAC Bug Workflow v3 [ 2884024 ] New: CONFSERVER Bug Workflow v4 [ 2992251 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow v2 [ 2787324 ] New: JAC Bug Workflow v3 [ 2884024 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow [ 2718168 ] New: JAC Bug Workflow v2 [ 2787324 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2380000 ] New: JAC Bug Workflow [ 2718168 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 2270932 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2380000 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2216103 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 2270932 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2167618 ] New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2216103 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 1925980 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2167618 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v3 [ 1727901 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 1925980 ]
            Katherine Yabut made changes -
            Workflow Original: CONF Bug Subtask WF (TEMP) [ 1684355 ] New: Confluence Workflow - Public Facing - Restricted v3 [ 1727901 ]

              bnguyen Brian Nguyen (Inactive)
              cbroadfoot Chris Broadfoot [Atlassian]
              Affected customers:
              0 This affects my team
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: