XSS vulnerability can be exploited on the WebDAV Configuration page

XMLWordPrintable

      Steps:

      1. Go to WebDAV Configuration
      2. Enter '<script>alert("XSS")</script>'
      3. Click on 'Add new regex' button

      The script will be executed. It will continue to be executed whenever a user clicks on the 'Save' button.

      This can be done by users in the confluence-admin group, so it could be used by them to gain access to sys-admin actions.

            Assignee:
            David Taylor (Inactive)
            Reporter:
            Mark Hrynczak (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: