-
Bug
-
Resolution: Fixed
-
Medium
-
3.5
-
None
This vulnerability affects all versions from 3.5 and above.
We have identified and fixed a cross-site scripting (XSS) vulnerability in the Confluence settings editing action.
XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including these:
- cgisecurity.com: http://www.cgisecurity.com/articles/xss-faq.shtml
- The Web Application Security Consortium: http://projects.webappsec.org/Cross-Site+Scripting
This issue is reported in our security advisory on this page:
https://confluence.atlassian.com/x/aAI5Dg
[CONFSERVER-22479] XSS vulnerability in doeditmysettings.action
Workflow | Original: JAC Bug Workflow v3 [ 2886009 ] | New: CONFSERVER Bug Workflow v4 [ 2979443 ] |
Workflow | Original: JAC Bug Workflow v2 [ 2792715 ] | New: JAC Bug Workflow v3 [ 2886009 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
Workflow | Original: JAC Bug Workflow [ 2722592 ] | New: JAC Bug Workflow v2 [ 2792715 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2385783 ] | New: JAC Bug Workflow [ 2722592 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2282055 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2385783 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2222945 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2282055 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2172809 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2222945 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1935391 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2172809 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v3 [ 1734793 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 1935391 ] |
Workflow | Original: CONF Bug Subtask WF (TEMP) [ 1693546 ] | New: Confluence Workflow - Public Facing - Restricted v3 [ 1734793 ] |