Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 6.3.4, 6.4.0
Affects Version/s: 6.3.3
Component/s: Macros - Content by User
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.

Acknowledgements
Atlassian would like to credit Veit Hailperin (@fenceposterror) for reporting this issue to us.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Due:: 30/Mar/2018

Created:: 02/Feb/2018 12:11 AM

Updated:: 11/Oct/2018 8:49 AM

Resolved:: 02/Feb/2018 3:15 AM