CONFSERVER-26270: Reflected XSS in the pageId request parameter in 500page.jsp

      A scanner picked up that the pageId parameter in 500page.jsp is a potential reflected XSS bug. This can be exploited through a URL like the following: https://example.com/pages/viewtrash.vm;editpage?pageId=%22%3E%3Cscript%3Ealert(1)%3C/script%3E

       
      
      
          <%
              String uri = (String)request.getAttribute("javax.servlet.error.request_uri");
              if(uri != null && uri.contains("editpage"))
              {
                  String editDraft = context + "/pages/editpage.action?useDraft=true&pageId=" + request.getParameter("pageId");
                  %>
                  <div class="panel warning">
                      <img id="draftNote" alt="" src="<%= context %>/images/icons/emoticons/warning.png">
                      You can <a href="<%= editDraft %>">resume editing</a> the most recently saved draft of your page.
                  </div>
              <% 
              }
          %>
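
One way to build the same link safely, as an added example that is not part of the original report and not Atlassian's fix. It assumes page IDs are positive decimal integers; the DraftLink class, its method names and the /confluence context path are hypothetical.

```java
import java.util.Optional;

public class DraftLink {
    // Assumption: a valid pageId is a positive decimal integer that fits in a long.
    static Optional<Long> parsePageId(String raw) {
        if (raw == null || raw.isEmpty() || raw.length() > 19) return Optional.empty();
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            if (c < '0' || c > '9') return Optional.empty(); // rejects quotes, tags, signs
        }
        try {
            long id = Long.parseLong(raw);
            return id > 0 ? Optional.of(id) : Optional.empty();
        } catch (NumberFormatException e) { // 19 digits can still overflow a long
            return Optional.empty();
        }
    }

    // Minimal encoder for text placed inside a double-quoted HTML attribute.
    static String escapeAttr(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Encoded href value, or empty when pageId is invalid; the JSP would then
    // skip the "resume editing" panel instead of echoing the parameter.
    static Optional<String> draftHref(String context, String rawPageId) {
        return parsePageId(rawPageId).map(id ->
            escapeAttr(context + "/pages/editpage.action?useDraft=true&pageId=" + id));
    }

    public static void main(String[] args) {
        // Constructed inputs: a numeric ID and the decoded value from the report URL.
        String scannerValue = "\"><script>alert(1)</script>";
        System.out.println(draftHref("/confluence", "12345"));
        System.out.println(draftHref("/confluence", scannerValue));
    }
}
```

Validation alone removes the injection here, and the attribute encoding is kept as a second layer so the context path and any future string parameters are also written safely into the href.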
      


              dblack David Black