- Bug
- Resolution: Fixed
- Highest
- 4.2.6, 4.3
- None
- 6
There is a persistent XSS vector in the 'move' page action on a page, where the JavaScript/HTML payload is included in the name of the page.
Steps to reproduce:
1. Create a page named: "''/><video onerror=alert(234234) src=xxx>'kasdfjas'dfasdf
2. (On the page) click on the "move" option under the tools drop-down menu
3. See an alert box with the number 234234 in it.
[CONFSERVER-25818] XSS vulnerability in the "move" page action with html/js in the page name
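The behaviour in the report is what happens when a stored page name is written into HTML without output encoding. The following is an added example, not Atlassian's code: the input markup and all function names are assumptions, and it renders the page name from step 1 once unencoded and once encoded.

```javascript
// Added example: hypothetical "move page" dialog field. The markup and the
// function names are assumptions for illustration, not Confluence source.

// Stored page name, taken from step 1 of the report.
const pageTitle = `"''/><video onerror=alert(234234) src=xxx>'kasdfjas'dfasdf`;

// Unencoded pattern: the stored name is concatenated into an attribute value,
// so its leading quote closes the attribute and "/>" closes the tag.
function renderMoveFieldUnsafe(title) {
  return '<input type="text" name="pageTitle" value="' + title + '"/>';
}

// Encode every character that can end an attribute value or open a tag.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Encoded pattern: escape at output time, where the value enters the markup.
function renderMoveFieldSafe(title) {
  return '<input type="text" name="pageTitle" value="' + escapeHtml(title) + '"/>';
}

// Reverse of escapeHtml, standing in for the browser decoding the attribute.
const ENTITY_CHARS = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };
function unescapeHtml(value) {
  return value.replace(/&(amp|lt|gt|quot|#39);/g, (m, name) => ENTITY_CHARS[name]);
}

// Crude check (not an HTML parser): names of every tag opened in the markup.
function tagsIn(html) {
  return Array.from(html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g), (m) => m[1].toLowerCase());
}

function compareRenderings(title) {
  const safe = renderMoveFieldSafe(title);
  const encodedValue = safe.slice(safe.indexOf('value="') + 7, safe.lastIndexOf('"'));
  return {
    unsafeTags: tagsIn(renderMoveFieldUnsafe(title)), // extra element from the name
    safeTags: tagsIn(safe),                           // only the intended input
    displayedName: unescapeHtml(encodedValue),        // what the user still sees
  };
}

console.log(compareRenderings(pageTitle));
```

With encoding in place the page name is still shown to the user exactly as stored; it just can no longer introduce markup of its own.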
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |