  1. Confluence Data Center
  2. CONFSERVER-35777

XSS vulnerability in "children" macro when displaying excerpts


Details

    Description

      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      • Create a parent page A with a child page B
      • Add an {excerpt} macro to B containing the text <script>alert("Gotcha!");</script>
      • Add the {children} macro to page A, with "Show excerpts" checked
      • Alert is shown when viewing A

      This is currently present on EAC - likely to be in released versions; not tested yet.

      Found by dpabst and me during QA
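The behaviour in the steps above, reduced to a simplified model with a regression check, as an added example that is not Atlassian's code or part of the original report. `render_children`, `TagAudit`, `injected_markup` and `TEMPLATE_TAGS` are hypothetical names, and the listing markup is an assumption about what such a template might emit.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical, simplified model of a children listing; not Confluence code.
TEMPLATE_TAGS = {"ul", "li", "a", "span"}  # tags the listing template itself emits


def render_children(children, encode_excerpt):
    """children: list of (title, excerpt) tuples. Returns the listing HTML.

    encode_excerpt=False copies excerpt text into the parent page as markup
    (the reported behaviour); True HTML-encodes it at the point of output.
    """
    items = []
    for title, excerpt in children:
        shown = escape(excerpt, quote=True) if encode_excerpt else excerpt
        items.append(
            f'<li><a href="#">{escape(title)}</a> '
            f'<span class="excerpt">{shown}</span></li>'
        )
    return "<ul>" + "".join(items) + "</ul>"


class TagAudit(HTMLParser):
    """Records tags and event-handler attributes the template never emits."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.unexpected = []

    def handle_starttag(self, tag, attrs):
        if tag not in TEMPLATE_TAGS:
            self.unexpected.append(tag)
        for name, _ in attrs:
            if name.startswith("on"):
                self.unexpected.append(f"{tag}[{name}]")


def injected_markup(html):
    """Parse rendered output and return markup that did not come from the template."""
    audit = TagAudit()
    audit.feed(html)
    audit.close()
    return audit.unexpected


# Constructed sample: child page B carrying the excerpt text from the report.
CHILDREN = [("B", '<script>alert("Gotcha!");</script>')]
```

Running `injected_markup` over the rendered parent page in a test suite flags any excerpt content that reaches the browser as live markup rather than as text.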

            People

              tquanghua Thinh Quang Hua (Inactive)
              nclarke@atlassian.com Nick Clarke