Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-26221

XSS vulnerability in the "import word document" page action through the page name

XMLWordPrintable

      On the "import word document" page action the name of the confluence page is a persistent xss vector (as it is not encoded).

      How to Reproduce:

      1. Create a confluence page with the following title

      XSS"/><script>alert('XSS')</script>

      2. Navigate to the created page
      3. Under the tools menu select "Import Word Document"
      4. Upload a word document
      5. Click "Next"
      6. See an alert prompt containing the text 'XSS' within it.

            [CONFSERVER-26221] XSS vulnerability in the "import word document" page action through the page name

            Katherine Yabut made changes -
            Workflow Original: JAC Bug Workflow v3 [ 2875547 ] New: CONFSERVER Bug Workflow v4 [ 3003782 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow v2 [ 2803386 ] New: JAC Bug Workflow v3 [ 2875547 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow [ 2736147 ] New: JAC Bug Workflow v2 [ 2803386 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2378534 ] New: JAC Bug Workflow [ 2736147 ]
            Alex Yakovlev (Inactive) made changes -
            Labels Original: advisory affects-server bugfix loyalty security team-ants verified xss New: advisory affects-server loyalty security team-ants verified xss
            Alex Yakovlev (Inactive) made changes -
            Labels Original: advisory affects-server bugfix security team-ants verified xss New: advisory affects-server bugfix loyalty security team-ants verified xss
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 2268359 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2378534 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2212066 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 2268359 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2158932 ] New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2212066 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 1943878 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2158932 ]

              jxie Chii (Inactive)
              dblack David Black
              Affected customers:
              0 This affects my team
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: