Persistent xss flaw in the revision history (of comments).

XMLWordPrintable

    • Severity 3 - Minor

      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      Whilst a comment is html encoded /sanitized when displayed within an answer to a question the revision history page for an edited comment does not sanitize or html encode the content of the current and previous comments. Therefore an attacker can exploit this issue to craft a persistent xss attack.

            Assignee:
            Joe Clark
            Reporter:
            David Black
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: