-
Bug
-
Resolution: Fixed
-
Highest
-
2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4
-
None
We have identified and fixed a cross-site scripting (XSS) vulnerability in the Confluence
{create-space-button}macro.
XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:
- cgisecurity.com: http://www.cgisecurity.com/articles/xss-faq.shtml
- The Web Application Security Consortium: http://projects.webappsec.org/Cross-Site+Scripting
This issue is reported in our security advisory on this page:
http://confluence.atlassian.com/x/HgdrDQ
[CONFSERVER-21394] XSS vulnerability in Create Space Button macro
Workflow | Original: JAC Bug Workflow v3 [ 2901801 ] | New: CONFSERVER Bug Workflow v4 [ 2996383 ] |
Workflow | Original: JAC Bug Workflow v2 [ 2798412 ] | New: JAC Bug Workflow v3 [ 2901801 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
Workflow | Original: JAC Bug Workflow [ 2728900 ] | New: JAC Bug Workflow v2 [ 2798412 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2394024 ] | New: JAC Bug Workflow [ 2728900 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2289284 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2394024 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2227719 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2289284 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2183539 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2227719 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1913956 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2183539 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v3 [ 1721868 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 1913956 ] |
Workflow | Original: CONF Bug Subtask WF (TEMP) [ 1674875 ] | New: Confluence Workflow - Public Facing - Restricted v3 [ 1721868 ] |