• Type: Bug
• Resolution: Fixed
• Priority: Medium
• Fix Version/s: 6.6.1
• Affects Version/s: 6.5.1
• Component/s: Space - Blueprints
• Labels:

  • CVE-2017-18085
  • advisory
  • advisory-released
  • cvss-medium
  • rxss
  • security
  • xss

[CONFSERVER-54905] XSS in the viewdefaultdecorator resource through the key parameter - CVE-2017-18085

set-jac-bot made changes - 22/May/2020 8:24 AM

Fixed in Enterprise Release/s

New: [Download 6.6|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]

Katherine Yabut made changes - 13/Nov/2018 4:42 AM

Workflow

Original: JAC Bug Workflow v3 [ 2890114 ]

New: CONFSERVER Bug Workflow v4 [ 2982484 ]

Owen made changes - 11/Oct/2018 8:55 AM

Workflow	Original: JAC Bug Workflow v2 [ 2803776 ]	New: JAC Bug Workflow v3 [ 2890114 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 29/Aug/2018 11:20 PM

Workflow

Original: JAC Bug Workflow [ 2737701 ]

New: JAC Bug Workflow v2 [ 2803776 ]

Owen made changes - 17/Aug/2018 3:19 AM

Symptom Severity

Original: Major [ 14431 ]

New: Severity 2 - Major [ 15831 ]

Owen made changes - 02/Jul/2018 7:18 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2594775 ]

New: JAC Bug Workflow [ 2737701 ]

David Black made changes - 02/Feb/2018 5:17 AM

Description

Original: The viewdefaultdecorator resource in Atlassian Confluence before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

New: The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

David Black made changes - 02/Feb/2018 5:17 AM

Description

Original: The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

New: The viewdefaultdecorator resource in Atlassian Confluence before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

David Black made changes - 02/Feb/2018 5:16 AM

Description

Original: The viewdefaultdecorator resource in Atlassian Confluence before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

New: The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

David Black made changes - 02/Feb/2018 5:15 AM

Description

Original: The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

New: The viewdefaultdecorator resource in Atlassian Confluence before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

Load more older events