-
Bug
-
Resolution: Fixed
-
High
-
2.9
-
None
To reproduce this issue:
- create a user with username "><<script>alert('hahahaha')</script>
- create a personal space for this user
- create a page in the personal space with pagetree and/or pagetreesearch macro
Note that confluence does not work very well with such usernames so you would need to use actions directly when creating/viewing pages in the user space.
[CONFSERVER-17967] XSS vulnerability in pagetree and page macros
| Workflow | Original: JAC Bug Workflow v3 [ 2885914 ] | New: CONFSERVER Bug Workflow v4 [ 2980082 ] |
| Workflow | Original: JAC Bug Workflow v2 [ 2792426 ] | New: JAC Bug Workflow v3 [ 2885914 ] |
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
| Workflow | Original: JAC Bug Workflow [ 2722257 ] | New: JAC Bug Workflow v2 [ 2792426 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2385467 ] | New: JAC Bug Workflow [ 2722257 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2281433 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2385467 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2222405 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2281433 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2169802 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2222405 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1930080 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2169802 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v3 [ 1730513 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 1930080 ] |
| Workflow | Original: CONF Bug Subtask WF (TEMP) [ 1688532 ] | New: Confluence Workflow - Public Facing - Restricted v3 [ 1730513 ] |
