-
Bug
-
Resolution: Fixed
-
Highest
-
None
-
No-Version
-
Severity 3 - Minor
-
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.
Hi !
I am writing this email to let you know of a Stored XSS Vulnerability that i found on atlassian.com .
You will have the POC as an atachment to this report that i am making.
Now i will show you in details how i managed to find this vulnerability.
Firstly I created an account in atlassian.com . When i created my account i set the full name to : "><svg/onload=confirm(document.domain)>;
Then under my services, i went to https://answers.atlassian.com/
and when the page fully loaded, the javascript payload that was in my full name was executed and i got the result shown in the attachment image.
I also uploaded another image as an atachment showing to you the user cookies which you can get by just replacing document.domain with document.cookie on the payload.
Regards,
Andi
- relates to
-
CONFCLOUD-47027 Stored XSS Vulnerability found on Atlassian
- Closed