Details
- Bug
- Resolution: Duplicate
- Medium
- None
- 2.2.9
- None
- Standalone, JDK 1.5, Windows, IE6
Description
Arbitrary JavaScript placed on a wiki page is executed if it is in the "blurb" included in the {index} macro.
Example:
page 1 contents: {index}
page 2 (within same space as page 1) contents:
<script>
alert("We have a problem...");
</script>
Go to page 1. The index, including a brief summary of page 2, should appear. An alert window will pop up. In fact, any HTML will be rendered, so this may lead to additional problems I have not investigated.
Issue Links
- duplicates: CONFSERVER-14753 XSS vulnerability can be exploited with the Page Index macro (Closed)