[CONFSERVER-54903] XSS in the editinword resource through the contents of an uploaded file - CVE-2017-18083 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 6.4.0
Affects Version/s: 6.2.4
Component/s: Macros - Attachments
Labels:
- advisory
- advisory-released
- bugbounty
- cvss-medium
- loyalty
- security
- sxss
- xss

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.

Katherine Yabut made changes - 13/Nov/2018 4:45 AM

Workflow

Original: JAC Bug Workflow v3 [ 2885287 ]

New: CONFSERVER Bug Workflow v4 [ 2996027 ]

Owen made changes - 11/Oct/2018 8:49 AM

Workflow	Original: JAC Bug Workflow v2 [ 2790718 ]	New: JAC Bug Workflow v3 [ 2885287 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 29/Aug/2018 11:16 PM

Workflow

Original: JAC Bug Workflow [ 2737140 ]

New: JAC Bug Workflow v2 [ 2790718 ]

Owen made changes - 17/Aug/2018 3:19 AM

Symptom Severity

Original: Major [ 14431 ]

New: Severity 2 - Major [ 15831 ]

Owen made changes - 02/Jul/2018 7:15 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2594759 ]

New: JAC Bug Workflow [ 2737140 ]

David Black made changes - 02/Feb/2018 4:45 AM

Labels

Original: advisory advisory-to-release bugbounty cvss-medium loyalty security sxss xss

New: advisory advisory-released bugbounty cvss-medium loyalty security sxss xss

David Black made changes - 02/Feb/2018 4:45 AM

Security

Original: Atlassian Staff [ 10750 ]

David Black made changes - 02/Feb/2018 4:45 AM

Priority

Original: Low [ 4 ]

New: Medium [ 3 ]

David Black made changes - 02/Feb/2018 4:43 AM

Summary

Original: Sanitised security issue 00a46a85e90a43d5125f3325eebf3df920078955b1ba61f9ce1579fc0e1a2a34

New: XSS in the editinword resource through the contents of an uploaded file - CVE-2017-18083

David Black made changes - 02/Feb/2018 4:43 AM

Description

Original: Component in Atlassian Confluence Server from version 6.2.4 before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in VULN_INFO.

New: The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 02/Feb/2018 12:10 AM

Updated:: 11/Oct/2018 8:49 AM

Resolved:: 02/Feb/2018 3:14 AM

Details

Description

Attachments

Forms

Activity

[CONFSERVER-54903] XSS in the editinword resource through the contents of an uploaded file - CVE-2017-18083

People

Dates