      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      We have identified and fixed a cross-site scripting (XSS) vulnerability that affects Confluence instances, including publicly available instances (that is, Internet-facing servers). XSS vulnerabilities allow an attacker to embed their own JavaScript into a Confluence page. All supported versions of Confluence are affected.

      More details are available in the advisory at https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-09-11

      Patch for versions older than 4.1.9

      Attached is a patch that will fix this XSS issue for versions of Confluence older than 4.1.9. This patch has also been tested against Confluence 3.5.16, and should work for all Confluence 3.5.x releases. However, as with any patch, this should be tested thoroughly first, and initially monitored after being installed in production.

      To install:

      1. Download the attached zip file
      2. Shut down Confluence
      3. Move the zip file to <installation-directory>/confluence/WEB-INF/classes
      4. Extract the zip file
      5. Verify that the file <installation-directory>/confluence/WEB-INF/classes/com/atlassian/confluence/servlet/ConfluenceVelocityServlet.class exists
      6. Restart Confluence for the change to take effect

      You can read more about applying patches here: https://confluence.atlassian.com/display/DOC/Installing+Patched+Class+Files
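
A stricter form of the check in step 5, as an added example that is not part of the original report or of Atlassian's tooling: it confirms that every file in the patch zip is deployed under WEB-INF/classes with identical content, which catches a zip extracted into the wrong directory or a stale class file left in place. The function name `verify_patch` and the command-line arguments are assumptions; the page does not name the attached zip file.

```python
import hashlib
import zipfile
from pathlib import Path

# Path from step 5 of the instructions, relative to WEB-INF/classes.
PATCHED_CLASS = "com/atlassian/confluence/servlet/ConfluenceVelocityServlet.class"


def verify_patch(patch_zip, install_dir):
    """Compare each file in the patch zip with the copy deployed under
    <install_dir>/confluence/WEB-INF/classes. Returns a list of problems;
    an empty list means the patched class files are in place."""
    classes = Path(install_dir) / "confluence" / "WEB-INF" / "classes"
    problems = []
    with zipfile.ZipFile(patch_zip) as zf:
        # Skip directory entries; only files are compared.
        names = [n for n in zf.namelist() if not n.endswith("/")]
        if PATCHED_CLASS not in names:
            problems.append(f"patch zip does not contain {PATCHED_CLASS}")
        for name in names:
            deployed = classes / name
            if not deployed.is_file():
                problems.append(f"missing: {deployed}")
                continue
            want = hashlib.sha256(zf.read(name)).hexdigest()
            got = hashlib.sha256(deployed.read_bytes()).hexdigest()
            if want != got:
                problems.append(f"content differs from patch: {deployed}")
    return problems


if __name__ == "__main__":
    import sys

    # Usage (hypothetical script name):
    #   python verify_patch.py <patch.zip> <installation-directory>
    issues = verify_patch(sys.argv[1], sys.argv[2])
    for line in issues:
        print(line)
    sys.exit(1 if issues else 0)
```

Run it after step 4 and before restarting Confluence in step 6; a non-zero exit status means the patch is not fully in place.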

                        vosipov VitalyA