Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 6.15.2
Affects Version/s: 6.13.2
Component/s: Platform - Application Links
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The version of the Application Links plugin used in Confluence before version 6.15.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. See https://ecosystem.atlassian.net/browse/APL-1373 for more details.

Attachments

Issue Links

is related to: APL-1373 Loading...

Activity

People

Assignee:: Unassigned

Reporter:: David Black

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 30/Apr/2019 2:30 AM

Updated:: 01/Jun/2023 6:46 PM

Resolved:: 30/Apr/2019 2:30 AM