  1. Confluence Server
  2. CONFSERVER-54905

XSS in the viewdefaultdecorator resource through the key parameter - CVE-2017-18085

    Details

    • Symptom Severity:
      Major
    • QA Demo Status:
      Not Done
    • QA Kickoff Status:
      Not Done

      Description

      The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the key parameter.

            People

            • Assignee:
              Unassigned
              Reporter:
              security-metrics-bot SecurityB
              Participants:
              Last Touched By:
              Owen Sanico
            • Votes:
              0
              Watchers:
              2

              Dates

              • Due:
                Created:
                Updated:
                Resolved:
                Last commented:
                27 weeks, 5 days ago