Stored XSS in OnDemand Confluence Header via username

XMLWordPrintable

    • 6.5

      This is from an external report. Creating a user with username:

      "><img src=x onerror=prompt(1)>

      and returning to the dashboard will demonstrate the script injection. This PoC will not work in Chrome/Chromium, but will in Firefox and other browsers that do not have such protective measures.

        1. demo.png
          demo.png
          271 kB
        2. Delete_Space.png
          Delete_Space.png
          147 kB

              Assignee:
              Vu Truong Vo (Inactive)
              Reporter:
              Yogendra Sharma
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: