Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-16135

XSS vulnerability in space name when page move would create a duplicate

    XMLWordPrintable

Details

    Description

      1. Create a space called <script>alert("XSS");</script>
      2. Find a page named 'Home' in a different space
      3. Move this page, choosing the previously created space as the destination
      4. The move will fail due to the duplicate page name, and the script will be run.

      Attachments

        1. patch_2.10.x.zip
          6 kB
        2. patch_3.0.zip
          6 kB

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-16019 XSS vulnerability when moving page between spaces

          • High - High priority issues
          • Closed

          Activity

            People

              dave@atlassian.com dave (Inactive)
              mhrynczak Mark Hrynczak (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: