[CONFSERVER-54905] XSS in the viewdefaultdecorator resource through the key parameter - CVE-2017-18085 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 6.6.1
Affects Version/s: 6.5.1
Component/s: Space - Blueprints
Labels:
- CVE-2017-18085
- advisory
- advisory-released
- cvss-medium
- rxss
- security
- xss

Fixed in Long Term Support Release/s:

Download 6.6
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

Form Name

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 02/Feb/2018 12:11 AM

Updated:: 22/May/2020 8:24 AM

Resolved:: 02/Feb/2018 3:15 AM

Details

Description

Attachments

Forms

Activity

[CONFSERVER-54905] XSS in the viewdefaultdecorator resource through the key parameter - CVE-2017-18085

People

Dates