- Bug
- Resolution: Fixed
- Highest
- 4.2.7
- None
- 6.5
From: OFFCONN-81:
Using the "office excel" macro (as part of viewfile, which is part of the Office Connector plugin) seems to open up the possibility of XSS code injection.
Steps to reproduce:
1. Create an Excel file with the following content in one cell:
'"><script>alert('XSS')</script><
2. Attach this file to a Confluence page
3. Go into edit mode
4. Use the "office excel" macro and choose the Excel file
5. Click "save"
Result:
An XSS message appears
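The report does not show the plugin's rendering code, so the following is an added illustration and not Office Connector code. It assumes a hypothetical renderer (`render_naive`, `render_escaped` and the `title` attribute are assumptions) that writes spreadsheet cell values into an HTML table, first unchanged and then HTML-encoded at output, and uses an HTML parser to check whether the cell value from step 1 still yields a `script` element.

```python
import html
from html.parser import HTMLParser

# Constructed sample sheet; the last cell holds the value from step 1 of the report.
SAMPLE_ROWS = [["Region", "Note"], ["EMEA", "'\"><script>alert('XSS')</script><"]]


def _table(rows, encode):
    """Build an HTML table, passing each cell value through `encode` first."""
    lines = ["<table>"]
    for row in rows:
        cells = "".join(f'<td title="{encode(str(c))}">{encode(str(c))}</td>' for c in row)
        lines.append(f"<tr>{cells}</tr>")
    lines.append("</table>")
    return "\n".join(lines)


def render_naive(rows):
    """Vulnerable pattern: cell text reaches the markup unchanged."""
    return _table(rows, lambda value: value)


def render_escaped(rows):
    """Hardened pattern: encode at output; quote=True also encodes " and '
    so a value cannot close the attribute it is written into."""
    return _table(rows, lambda value: html.escape(value, quote=True))


class _TagCollector(HTMLParser):
    """Records every element start tag an HTML parser finds in the markup."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def parsed_tags(markup):
    """Return the start tags a parser sees, in document order."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    print("naive  :", parsed_tags(render_naive(SAMPLE_ROWS)))
    print("escaped:", parsed_tags(render_escaped(SAMPLE_ROWS)))
```

With the naive renderer the parser reports a `script` element created by the cell value; with encoding applied it sees only the table's own elements and the value is displayed as text.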
[CONFSERVER-25909] XSS vulnerability in Office Connector plugin
Status changed from Resolved [ 5 ] to Closed [ 6 ]