[CONFSERVER-51825] XSS Vulnerability in wiki markup

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 5.8.6, 5.9.0-OD-61
Affects Version/s: 5.7
Component/s: Content - Page
Labels:

CVSS Score:
5.5
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

Luke Jahnke of the Australia Post Digital Mailbox Security Team reported to Atlassian an XSS in nesting various markup.

relates to

CONFCLOUD-51825 XSS Vulnerability in wiki markup

Closed

David Black added a comment - 14/Mar/2017 4:45 AM

CVSS score: 5.5 => Medium severity

Exploitability Metrics

AccessVector	Network
AccessComplexity	Low
Authentication	Single

Impact Metrics

ConfImpact	Partial
IntegImpact	Partial
AvailImpact	None

David Black added a comment - 14/Mar/2017 4:45 AM CVSS score: 5.5 => Medium severity Exploitability Metrics AccessVector Network AccessComplexity Low Authentication Single Impact Metrics ConfImpact Partial IntegImpact Partial AvailImpact None

Assignee:: Unassigned

Reporter:: Luke Jahnke

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 14/Mar/2017 4:40 AM

Updated:: 14/Jul/2020 5:59 AM

Resolved:: 14/Mar/2017 4:45 AM

Confluence Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: David Black added a comment - 14/Mar/2017 4:45 AM

Expand comment: David Black added a comment - 14/Mar/2017 4:45 AM

People

Dates