Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-8993

Reflected XSS Vulnerability in the Feed Builder

    XMLWordPrintable

Details

    Description

      Input in the Feed Builder is not properly handled.

      Insert: 

      "><<script>alert('Gotcha!')</script>

      as the feed name (title) and you get url like this:

      http://confluence.atlassian.com/dashboard/doconfigurerssfeed.action?types=page&types=blogpost&types=mail&types=comment&types=attachment&sort=modified&showContent=true&showDiff=true&spaces=conf_global&labelString=&rssType=atom&maxResults=10&timeSpan=5&publicFeed=true&title=%22%3E%3C%3Cscript%3Ealert%28%27Gotcha%21%27%29%3C%2Fscript%3E

      Suggested fix: Escape output of title in

      <link rel="alternate" type="application/atom+xml" title="" href=""/>

      in the 

      /dashboard/doconfigurerssfeed.action

      view

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-30240 XSS in doconfigurerssfeed.action

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              sleberrigaud Samuel Le Berrigaud
              dchui DavidA
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: