Olivier Beg <olivier@hotmail.lv> reported
https://confluence.atlassian.com/dosearchsite.action?queryString=%22%3E&startIndex=0&lastModified=LASTWEEK&where=conf_all%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E> I asume he is DOM based because he works in google chrome.
This results in
<input type="hidden" id="search-filter-by-space" name="where" value="conf_all"><img src=x onerror=alert(1)>" style="width: 100%"/>
which appears to be parsed as having a valid onerror attribute (???), which triggers the alert box if you move your mouse or just wait a second. Checked in Firefox and Chrome. Possibly where is used in javascript context in an unsafe way.
- is duplicated by
-
CONFSERVER-31012 Reflected cross-site scripting (XSS) in dosearchsite action
-
- Closed
-
- mentioned in
-
Wiki Page Loading...
