From an external report:

      Confluence recently has been tested and, as a result, we were able to verify the existence of at least one persistent XSS vulnerability. This vulnerability is present in the Edit Attachment feature — specifically in the newFileName field — accessible through the following URL:
      https://confluence/pages/editattachment.action
      As a means to prove the concept proposed by this issue, we added the value "<script>alert(1)</script>file" (without quotes) in the newFileName field, as described in the image named xss.png (attached).
      After the aforementioned insertion, the script executes successfully whenever a user visits the vulnerable page, which in turn, is available at:
      https://confluence/dosearchsite.action?queryString="
      As can be seen in the images named xss1.png and xss2.png (attached).
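
The stored-then-rendered flow the report describes, modelled as an added example (not Confluence code and not part of the report): a file name saved by a rename is later written into a search-result row, once by plain concatenation and once HTML-encoded at output time. The renderer functions, the row markup and the `injected_tags` check are assumptions made for illustration; the payload is the value quoted in the report.

```python
import html
from html.parser import HTMLParser

# Value the report entered in newFileName, plus a constructed benign name.
PAYLOAD = "<script>alert(1)</script>file"
SAMPLE_NAMES = ["report.pdf", PAYLOAD]

def render_result_unsafe(file_name: str) -> str:
    """Hypothetical search-result row built by concatenation (flawed pattern)."""
    return '<li class="result"><a href="#">' + file_name + "</a></li>"

def render_result_encoded(file_name: str) -> str:
    """Same row, with the stored file name HTML-encoded when it is written out."""
    return ('<li class="result"><a href="#">'
            + html.escape(file_name, quote=True) + "</a></li>")

class _TagCollector(HTMLParser):
    """Records every element an HTML parser creates from the rendered row."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def injected_tags(rendered: str, template_tags=("li", "a")) -> list:
    """Return elements in the row that the template itself did not emit."""
    collector = _TagCollector()
    collector.feed(rendered)
    collector.close()
    return [t for t in collector.tags if t not in template_tags]

def audit(names, renderer) -> dict:
    """Regression check: map each stored name to the elements it injects."""
    return {name: injected_tags(renderer(name)) for name in names}

if __name__ == "__main__":
    for label, renderer in (("unsafe", render_result_unsafe),
                            ("encoded", render_result_encoded)):
        print(label, audit(SAMPLE_NAMES, renderer))
```

Run as a regression test against the real rendering path, the same check fails as soon as a stored file name produces an element outside the template's own markup.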

        1. confluence-search-2.3.13-SNAPSHOT.jar (157 kB)
        2. xss.png (33 kB)
        3. xss1.png (66 kB)
        4. xss2.png (91 kB)

            [CONFSERVER-43162] XSS in newFileName Field

            Owen made changes -
            Workflow Original: JAC Bug Workflow v2 [ 2788190 ] New: JAC Bug Workflow v3 [ 2884476 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Symptom Severity Original: Major [ 14431 ] New: Severity 2 - Major [ 15831 ]

              fxu Feng Xu (Inactive)
              c0a03ec99fd7 Jodson Santos