Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-6990

Javascript in wiki page executed by {index}

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Medium
    • None
    • 2.2.9
    • None

    • Standalone, JDK 1.5, Windows, IE6

    Description

      Arbitrary Javascript placed on a wiki page is executed if it is in the "blurb" included in the

      {index} macro.

      Example:
      page 1 contents:{index}

      page 2 (within same space as page 1) contents:
      <script>
      alert("We have a problem...");
      </script>

      Go to page 1. The index, including a brief summary of page 2, should appear. An alert window will pop up. In fact, any HTML will be rendered, so this may lead to additional problems I have not investigated

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-14753 XSS vulnerability can be exploited with the Page Index macro

          • Highest - Our top priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              e479c97b14a7 David Koppelman
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: