NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      Steps to reproduce:

      In id.atlassian.com, add to your About me:

      <script>console.log(' +++++ Hi Dennis ++++++');</script>
      

      Save & check in your answers profile - the JS will appear in the browser console.

      jclark@atlassian.com, can you do me a favor and give every profile field a once-over?
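
An added example, not part of the original report and not Confluence code: a small check that stores the report's probe string in each profile field and lists the fields whose rendered HTML still contains it unencoded. The field names and renderer functions are hypothetical stand-ins for the profile templates.

```javascript
// Added example. Field names and renderers are hypothetical, not Confluence code.
// Probe string taken from the report's steps to reproduce.
const PROBE = "<script>console.log(' +++++ Hi Dennis ++++++');</script>";

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Renderers as they would look with the reported defect: aboutMe is
// interpolated into the page without encoding.
const reportedRenderers = {
  fullName: (v) => `<h1>${escapeHtml(v)}</h1>`,
  position: (v) => `<p class="position">${escapeHtml(v)}</p>`,
  location: (v) => `<p class="location">${escapeHtml(v)}</p>`,
  aboutMe: (v) => `<div class="about-me">${v}</div>`,
};

// Same renderers with every field encoded at output time.
const fixedRenderers = {
  ...reportedRenderers,
  aboutMe: (v) => `<div class="about-me">${escapeHtml(v)}</div>`,
};

// Store the probe in each field in turn and return the fields whose rendered
// HTML still contains it verbatim, i.e. where the browser would execute it.
function auditProfileFields(renderers, probe = PROBE) {
  return Object.keys(renderers).filter((field) => renderers[field](probe).includes(probe));
}

console.log('reported:', auditProfileFields(reportedRenderers));
console.log('fixed:', auditProfileFields(fixedRenderers));
```

Running the same audit over every field after a fix confirms that no field was missed, which is the once-over requested above.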

            [CONFSERVER-46695] XSS Vulnerability in About Me field

            Owen made changes -
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Symptom Severity Original: Minor [ 14432 ] New: Severity 3 - Minor [ 15832 ]

              jclark@atlassian.com Joe Clark
              dmeer Dennis Kromhout van der Meer (Inactive)