
XSS vulnerability can be exploited with the pagetree macro

      Use the following markup:

      {pagetree:root=<script>alert('12')</script>}

      Whenever the page is viewed, the script will be executed.

            [CONFSERVER-16651] XSS vulnerability can be exploited with the pagetree macro

            David Taylor (Inactive) added a comment - I have tested version 1.12 on 2.10.3 and 3.0.1 and it works correctly. Anyone on 2.10.x or 3.0.x should be able to upgrade the plugin to fix this issue.

            Ryan Ericson [Atlassian] added a comment - Upgrading pagetree-plugin to version 1.12 will fix this.

            Anatoli added a comment - The corresponding issue in the plugin project: http://developer.atlassian.com/jira/browse/PGTR-64

            Anatoli added a comment - To fix this issue, please upgrade the pagetree plugin to version 1.12.
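
An audit sketch to run alongside the upgrade described in the comments above, added here as an example and not taken from this ticket or from the pagetree plugin: it scans stored wiki markup for pagetree macros whose parameters contain HTML metacharacters, so pages that already carry such markup can be reviewed. The "|"-separated key=value parameter parsing, the function names and the sample pages are assumptions constructed for illustration.

```python
import html
import re

# Matches {pagetree} or {pagetree:param=value|param=value} in wiki markup.
PAGETREE_RE = re.compile(r"\{pagetree(?::([^}]*))?\}", re.IGNORECASE)
# Characters that let a value break out of HTML text or attribute context.
HTML_META_RE = re.compile(r"[<>\"]")


def parse_params(raw):
    """Split 'a=1|b=2' into a dict; a bare value is stored under '' (default param)."""
    params = {}
    for part in filter(None, (raw or "").split("|")):
        key, sep, value = part.partition("=")
        if sep:
            params[key.strip().lower()] = value.strip()
        else:
            params[""] = key.strip()
    return params


def audit_page(title, body):
    """Return findings for pagetree macros whose parameters carry HTML metacharacters."""
    findings = []
    for match in PAGETREE_RE.finditer(body):
        for name, value in parse_params(match.group(1)).items():
            if HTML_META_RE.search(value):
                findings.append({
                    "page": title,
                    "param": name,
                    # Escape before the value is written into any HTML report.
                    "value_escaped": html.escape(value, quote=True),
                })
    return findings


def audit_all(pages):
    """Audit a {title: wiki_markup} mapping and return all findings."""
    return [f for title, body in pages.items() for f in audit_page(title, body)]


# Constructed sample pages (not real data); "Test" uses the markup from the report.
SAMPLE_PAGES = {
    "Team Home": "h1. Welcome\n{pagetree:root=Team Home|sort=natural}",
    "Test": "{pagetree:root=<script>alert('12')</script>}",
    "No macro": "Plain text with <b>markup</b> but no macro.",
}

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_PAGES):
        print(finding)
```
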

              Assignee: Unassigned
              Reporter: Mark Hrynczak (Inactive)