Type: Bug
Resolution: Fixed
Priority: Medium
Affects Version/s: 5.2, 5.8.14, 5.8.15
An unauthenticated XSS vulnerability has been confirmed in Confluence 5.8.15 and 5.8.14.
The vulnerability is located at /rest/prototype/1/session/check/something
PoC URL: http://<server>/conf_path/rest/prototype/1/session/check/something%3Cimg%20src%3da%20onerror%3dalert%280%29%3E
This was confirmed in the latest version of Firefox.
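As an added example (not part of the report and not Atlassian code), a log check a defender could run while an instance is still on an affected version: it flags requests to the session/check resource whose trailing path segment percent-decodes to HTML markup, decoding repeatedly so a double-encoded segment is judged as the server would render it. The combined-format log lines and the Confluence context path are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the original report). The
# second carries the path segment quoted in the report; the third is a
# double-encoded variant that a single decode pass would not reveal.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Dec/2015:10:00:01 +0000] "GET /confluence/rest/prototype/1/session/check/abc123 HTTP/1.1" 200 54',
    '10.0.0.9 - - [01/Dec/2015:10:00:02 +0000] "GET /confluence/rest/prototype/1/session/check/something%3Cimg%20src%3da%20onerror%3dalert%280%29%3E HTTP/1.1" 200 310',
    '10.0.0.9 - - [01/Dec/2015:10:00:03 +0000] "GET /confluence/rest/prototype/1/session/check/x%253Cb%253E HTTP/1.1" 200 80',
    '10.0.0.7 - - [01/Dec/2015:10:00:04 +0000] "GET /confluence/pages/viewpage.action?pageId=1 HTTP/1.1" 200 9000',
]

# Apache/nginx combined-format request line: client IP and the request path.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/')
# The affected resource; the token is whatever follows the last slash.
ENDPOINT_RE = re.compile(r"/rest/prototype/1/session/check/(?P<token>[^?#\s]*)")
# Characters and attribute names that have no place in a session token but
# are needed to inject markup into the echoed error message.
MARKUP_RE = re.compile(r"[<>\"']|\bon[a-z]+\s*=", re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Percent-decode until the value stops changing (bounded), so that
    double-encoded input is inspected in the form the server would render."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_session_check_requests(lines):
    """Return (client_ip, decoded_token) for every request to the
    session/check resource whose token decodes to markup characters."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        e = ENDPOINT_RE.search(m.group("path"))
        if not e:
            continue
        token = decode_fully(e.group("token"))
        if MARKUP_RE.search(token):
            hits.append((m.group("ip"), token))
    return hits


if __name__ == "__main__":
    for ip, token in suspicious_session_check_requests(SAMPLE_LOGS):
        print(f"{ip} -> {token!r}")
```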
Incorporates: CONFSERVER-30792 Incorrect error message in session/check REST resource (Closed)
Included in: CPU-121 Confluence 6.0.0-OD-2015.49.1-0002; CPU-139 Confluence 6.0.0-OD-2015.49.1-0003; CPU-141 Confluence 6.0.0-OD-2015.50.1-0003
[CONFSERVER-39689] Rest API XSS
Field | Original | New
Workflow | JAC Bug Workflow v3 [2891072] | CONFSERVER Bug Workflow v4 [2983211]
Workflow | JAC Bug Workflow v2 [2781772] | JAC Bug Workflow v3 [2891072]
Status | Resolved [5] | Closed [6]
Workflow | JAC Bug Workflow [2728075] | JAC Bug Workflow v2 [2781772]
Workflow | Confluence Workflow - Public Facing - Restricted v5 - TEMP [2386305] | JAC Bug Workflow [2728075]
Fix Version/s | (none) | 5.9.1 [55895]
Workflow | Confluence Workflow - Public Facing - Restricted v5 [2283405] | Confluence Workflow - Public Facing - Restricted v5 - TEMP [2386305]
Workflow | Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [2223916] | Confluence Workflow - Public Facing - Restricted v5 [2283405]
Workflow | Confluence Workflow - Public Facing - Restricted v5 - TEMP [2177342] | Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [2223916]
Workflow | Confluence Workflow - Public Facing - Restricted v5 [1942474] | Confluence Workflow - Public Facing - Restricted v5 - TEMP [2177342]
Workflow | Confluence Workflow - Public Facing - Restricted v3 [1739905] | Confluence Workflow - Public Facing - Restricted v5 [1942474]