[CONFSERVER-54905] XSS in the viewdefaultdecorator resource through the key parameter - CVE-2017-18085 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Medium
Resolution: Fixed
Affects Version/s: 6.5.1
Fix Version/s: 6.6.1
Component/s: Space - Blueprints
Labels:
- CVE-2017-18085
- advisory
- advisory-released
- cvss-medium
- rxss
- security
- xss

Symptom Severity:
Severity 2 - Major
QA Demo Status:
Not Done
QA Kickoff Status:
Not Done
Bug Fix Policy:
View Atlassian server bug fix policy

Description

The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

Attachments

Activity

People

Assignee:

Unassigned

Reporter:

SecurityB

Participants:

SecurityB

Last Touched By:

Katherine Yabut

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Due:

30/Mar/2018

Created:

02/Feb/2018 12:11 AM

Updated:

11/Oct/2018 8:55 AM

Resolved:

02/Feb/2018 3:15 AM

Last commented:

45 weeks ago