-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Medium
-
Affects Version/s: 5.2, 5.8.14, 5.8.15
-
Component/s: Core - Content REST APIs
An unauthenticated XSS vulnerability has been confirmed in confluence 5.8.15 and 5.8.14.
The vulnerability is located at /rest/prototype/1/session/check/something
POC URL:
http://<server>/conf_path/rest/prototype/1/session/check/something%3Cimg%20src%3da%20onerror%3dalert%280%29%3E
This was confirmed in the latest version of firefox.
- incorporates
-
-
- Closed
-
- included in
-
![[JIRA]](/images/icons/generic_link_16.png "[JIRA]")
CPU-121
Confluence 6.0.0-OD-2015.49.1-0002
-
CPU-139
Confluence 6.0.0-OD-2015.49.1-0003
-
CPU-141
Confluence 6.0.0-OD-2015.50.1-0003
(3 mentioned in)