-
Bug
-
Resolution: Fixed
-
Medium
-
5.3
-
None
-
6.5
-
To reproduce:
1. Open a confluence instance in Firefox.
2. Create a space with key "TEST".
3. Create a page in that space called "<script>alert(0)</script>".
4. Create two pages with the page from step 3 as their parent.
5. Go to:
[base path]/panels/reorderpage.action?panelName=reorder&spaceKey=TEST&title=%3Cscript%3Ealert%280%29%3C/script%3E&movedPageId=0&pageTitle=
An alert should open. The strings in steps 2 and 3 are only important in that they need to match the URL (any space or XSS string can be used).
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
XSS in reorder panel
-
-
Resolution: Fixed
-
Medium
-
5.3
-
None
-
6.5
-
To reproduce:
1. Open a confluence instance in Firefox.
2. Create a space with key "TEST".
3. Create a page in that space called "<script>alert(0)</script>".
4. Create two pages with the page from step 3 as their parent.
5. Go to:
[base path]/panels/reorderpage.action?panelName=reorder&spaceKey=TEST&title=%3Cscript%3Ealert%280%29%3C/script%3E&movedPageId=0&pageTitle=
An alert should open. The strings in steps 2 and 3 are only important in that they need to match the URL (any space or XSS string can be used).
-
PatrickA
-
- Affected customers:
-
0 This affects my team
- Watchers:
-
2 Start watching this issue
- Created:
- Updated:
- Resolved: