Self Stored Cross site scripting

    • Severity 3 - Minor

      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      Product: http://swag.atlassian.com
      Vulnerability Type: Self Stored Cross site scripting (Cross site scripting)
      Platform: Laptop / PC
      URL: https://id.atlassian.com/profile/signUp.action?continue=http://swag.atlassian.com/Login.aspx
      OS/Version: Windows 7
      Browser: Mozilla Firefox (v 28)
      Status: NEW
      Severity: Major
      Reported By: eh.Yogendra@gmail.com

      Bug Description:
      Reproduce steps:
      1. Go to http://swag.atlassian.com & create an account.
      2. Redirect to this Link: https://id.atlassian.com/profile/signUp.action?continue=http://swag.atlassian.com/Login.aspx
      3. Fill the First name and Last name with Payload.
      4. "><img src=x onerror=prompt(1)>
      5. Login successfully then update Display name with "><img src=x onerror=prompt(1)>
      6. Now go to My Atlassian
      7. Payload executed.

        1. atlassian xss.png
          196 kB
          Yogendra Sharma

              Assignee:
              Unassigned
              Reporter:
              Yogendra Sharma
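
Why the payload in the reproduction steps executes when the stored name is echoed back, and how output encoding stops it, shown as an added example that is not part of the original report and not Atlassian's code. The markup template and the functions `renderUnsafe`, `renderSafe`, `escapeHtml` and `summarize` are hypothetical, and the regex scan is a rough stand-in for a browser's parser.

```javascript
// Added example, not Atlassian code: the markup template and all function
// names are hypothetical stand-ins for a page that echoes a stored name.
const PAYLOAD = '"><img src=x onerror=prompt(1)>'; // value from the report

// Vulnerable pattern: the stored value is concatenated straight into markup.
function renderUnsafe(displayName) {
  return '<input name="displayName" value="' + displayName + '">' +
         '<span class="user">' + displayName + '</span>';
}

// Encode the characters that can change the parsing context in element
// content and in quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Fixed pattern: encode at output time, whatever was stored.
function renderSafe(displayName) {
  const v = escapeHtml(displayName);
  return '<input name="displayName" value="' + v + '">' +
         '<span class="user">' + v + '</span>';
}

// Rough structural check (a regex scan, not a real HTML parser): which tags
// open in the markup, and which inline event-handler attributes they carry.
function summarize(html) {
  const tags = [];
  const handlers = [];
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    tags.push(m[1].toLowerCase());
    // Blank out quoted values so text inside them is not counted as an attribute.
    const attrs = m[2].replace(/"[^"]*"|'[^']*'/g, '""');
    for (const a of attrs.matchAll(/\s(on[a-z]+)\s*=/gi)) handlers.push(a[1].toLowerCase());
  }
  return { tags, handlers };
}

console.log('unsafe:', summarize(renderUnsafe(PAYLOAD)));
console.log('safe:  ', summarize(renderSafe(PAYLOAD)));
```

The unsafe rendering gains two `img` elements carrying `onerror`, one from each place the name is echoed; the encoded rendering keeps only the template's own `input` and `span`.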