Loading...

XML

Word

Printable

Type: Bug
Resolution: Cannot Reproduce
Priority: Highest
Fix Version/s: None
Affects Version/s: No-Version
Component/s: Apps - Confluence Questions
Labels:

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

Whilst a comment is html encoded /sanitized when displayed within an answer to a question the revision history page for an edited comment does not sanitize or html encode the content of the current and previous comments. Therefore an attacker can exploit this issue to craft a persistent xss attack.

is related to

CONFSERVER-46953 persistent xss vulnerability through uploaded files in IE8/9

Closed

relates to

CONFCLOUD-47387 Persistent xss flaw in the revision history (of comments).

Closed

Assignee:: Joe Clark

Reporter:: David Black

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 08/Aug/2012 7:48 AM

Updated:: 11/Oct/2018 9:07 AM

Resolved:: 30/Jul/2013 12:05 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates