Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-25818

XSS vulnerability in the "move" page action with html/js in the page name

XMLWordPrintable

      There is an persistent xss vector in the 'move' page action on a page, where the javascript/html payload is included in the name of the page.

      Steps to reproduce:
      1.create a page named: "''/><video onerror=alert(234234) src=xxx>'kasdfjas'dfasdf

      2. (on the page) click on the "move" option under the tools drop-down menu
      3. see an alert box with the number 234234 in it.

            [CONFSERVER-25818] XSS vulnerability in the "move" page action with html/js in the page name

            Niraj Bhawnani added a comment - - edited

            Temporary fix applied to Confluence until we can upgrade to AUI 5.0 which contains the proper fix. AUI Pull request: https://bitbucket.org/atlassian/aui-archive/pull-request/75/aui-956-fix-addheader-not-escaping-dialog

            Niraj Bhawnani added a comment - - edited Temporary fix applied to Confluence until we can upgrade to AUI 5.0 which contains the proper fix. AUI Pull request: https://bitbucket.org/atlassian/aui-archive/pull-request/75/aui-956-fix-addheader-not-escaping-dialog

            Niraj Bhawnani added a comment -

            Caused by https://ecosystem.atlassian.net/browse/AUI-956

            Niraj Bhawnani added a comment - Caused by https://ecosystem.atlassian.net/browse/AUI-956

              nbhawnani Niraj Bhawnani
              dblack David Black
              Affected customers:
              0 This affects my team
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: