[CONFSERVER-46695] XSS Vulnerability in About Me field - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: None
Affects Version/s: No-Version
Component/s: Apps - Confluence Questions
Labels:

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

Steps to reproduce:

In id.atlassian.com, add to your About me:

<script>console.log(' +++++ Hi Dennis ++++++');</script>

Save & check in your answers profile - the JS will appear in the browser console.

jclark@atlassian.com can you do me a favor and give every profile field an once-over?

relates to

CONFCLOUD-46695 XSS Vulnerability in About Me field

Closed

causes: ADM-40550 Loading...

No work has yet been logged on this issue.

Assignee:: Joe Clark

Reporter:: Dennis Kromhout van der Meer (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 02/Aug/2013 12:15 AM

Updated:: 11/Oct/2018 8:48 AM

Resolved:: 19/Aug/2013 10:36 PM