• Bug
    • Resolution: Fixed
    • High
    • 2.5.6, 2.6.0
    • 2.5.4
    • None
    • Standalone

      Description:
      XSS vulnerability at "Edit Space Permissions" page

      Exploit:
      Write to the "Grant permission to" field: "<script>alert(document.cookie)</script>"

            [CONFSERVER-8980] XSS vulnerability at "Edit Space Permissions"


              Unassigned
              Gergely Hodicska

                Created:
                Updated:
                Resolved: