[CONFSERVER-60118] Stored XSS in the Livesearch macro - CVE-2020-36290 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 7.4.5, 7.6.3, 7.7.4
Affects Version/s: 7.3.3, 7.4.1
Component/s: Macros - Search
Labels:

Fixed in Long Term Support Release/s:

Download 7.4
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.

Affected versions:

version < 7.4.5
7.5.0 ≤ version < 7.6.3
7.7.0 ≤ version < 7.7.0

Fixed versions:

7.4.5
7.6.3
7.7.4

is detailed by: VULN-168619 Failed to load

mentioned in: Page Failed to load

Assignee:: Oliver Shen

Reporter:: AB

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 28/Jul/2020 1:04 AM

Updated:: 26/Jul/2022 3:29 AM

Resolved:: 18/Aug/2020 3:25 AM

Confluence Data Center

Details

Description

Affected versions:

Attachments

Issue Links

Forms

Activity

[CONFSERVER-60118] Stored XSS in the Livesearch macro - CVE-2020-36290

People

Dates