Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-21390

XSS vulnerability in Bookmarks macro

XMLWordPrintable

      We have identified and fixed a cross-site scripting (XSS) vulnerability in the Confluence

      {bookmarks}

      macro.

      XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:

      This issue is reported in our security advisory on this page:
      http://confluence.atlassian.com/x/HgdrDQ

        1. socialbookmarking-1.3.4.jar
          76 kB
          Matthew Erickson

            [CONFSERVER-21390] XSS vulnerability in Bookmarks macro

            Katherine Yabut made changes -
            Workflow Original: JAC Bug Workflow v3 [ 2896389 ] New: CONFSERVER Bug Workflow v4 [ 2989096 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow v2 [ 2787612 ] New: JAC Bug Workflow v3 [ 2896389 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow [ 2718692 ] New: JAC Bug Workflow v2 [ 2787612 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2383852 ] New: JAC Bug Workflow [ 2718692 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 2277888 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2383852 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2219707 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 2277888 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2174690 ] New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2219707 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 1938427 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2174690 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v3 [ 1737380 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 1938427 ]
            Katherine Yabut made changes -
            Workflow Original: CONF Bug Subtask WF (TEMP) [ 1697482 ] New: Confluence Workflow - Public Facing - Restricted v3 [ 1737380 ]

              Unassigned Unassigned
              smaddox SarahA
              Affected customers:
              0 This affects my team
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: