Uploaded image for project: 'Confluence Server'
  1. Confluence Server
  2. CONFSERVER-54395

XSS through various RSS properties in the RSS macro - CVE-2017-16856

    XMLWordPrintable

    Details

    • Symptom Severity:
      Severity 2 - Major
    • QA Demo Status:
      Not Done
    • QA Kickoff Status:
      Not Done

      Description

      The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.

      Acknowledgements

      Atlassian would like to credit Glenn 'devalias' Grant (http://devalias.net) of TSS (https://dtss.com.au) for reporting this issue to us.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Last commented:
                51 weeks, 4 days ago