
XSS vulnerability can be exploited with the Userlister macro

      Use the following markup:

      {userlister:groups=<script>alert('Vulerable')</script>}

      Whenever the page is viewed, the script will be executed.
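The defect class reported above is a macro parameter reaching the rendered page without output encoding. The sketch below is an added example, not Confluence's code or the fix Atlassian shipped: it parses the reported markup and renders the `groups` value with and without HTML encoding. The function names, the `<h3>` output shape and the comma-separated handling of `groups` are assumptions made for illustration.

```python
import html
import re

# Matches the wiki-markup form shown in the report: {userlister:key=value|key=value}
MACRO_RE = re.compile(r"\{userlister(?::([^}]*))?\}")


def parse_params(markup):
    """Return the macro's parameters as a dict, or None if no userlister macro is present."""
    m = MACRO_RE.search(markup)
    if m is None:
        return None
    params = {}
    for pair in (m.group(1) or "").split("|"):
        key, sep, value = pair.partition("=")
        if sep:
            params[key.strip()] = value.strip()
    return params


def render_unescaped(params):
    """Behaviour the report describes: the parameter reaches the page as markup."""
    return "<h3>Group: " + params.get("groups", "") + "</h3>"


def render_escaped(params):
    """Hardened form: each group name is HTML-encoded at the point of output."""
    # Assumption: `groups` is a comma-separated list of group names.
    groups = [g.strip() for g in params.get("groups", "").split(",") if g.strip()]
    return "".join("<h3>Group: " + html.escape(g, quote=True) + "</h3>" for g in groups)


if __name__ == "__main__":
    # Constructed input: the markup quoted in the report.
    reported = "{userlister:groups=<script>alert('Vulerable')</script>}"
    p = parse_params(reported)
    print(render_unescaped(p))  # script element survives into the page
    print(render_escaped(p))    # rendered as inert text
```

Encoding at the point of output, rather than filtering the parameter on input, keeps the stored markup intact while ensuring the browser treats the value as text.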

            [CONFSERVER-16644] XSS vulnerability can be exploited with the Userlister macro

            Owen made changes -
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]

              Unassigned Unassigned
              mhrynczak Mark Hrynczak (Inactive)