Confluence Server and Data Center
CONFSERVER-9456

XSS Bug in printable link display


    Details

    • Type: Bug
    • Status: Closed
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 2.5.7
    • Fix Version/s: 2.6.1
    • Component/s: None
    • Environment: Solaris 10, JDK 1.5.0_12, SunOne WebServer 6.1 SP8

    Description

    A cross-site scripting vulnerability exists in the macro used to render the 'printable' link.

    Here is an exploit for the vulnerability that works:

    https://servername/wiki/display/a/2007/09/%22%3E%3Cscript%3Ealert('Watchfire%20XSS%20Test%20Successful')%3C/script%3E

    Bug was found using AppScan.
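As an added illustration (not code from this issue, from the attached patch, or from Confluence), the following reconstructs the class of flaw the reporter describes: a macro that drops the percent-decoded request path straight into the href of the printable link, beside a hardened version that URL-encodes the path and HTML-escapes it for attribute context. The real macro is not on this page; the function names, the `?decorator=printable` suffix and the regression check are assumptions.

```python
from html import escape
from urllib.parse import quote, unquote

# Request path from the reproduction URL in this issue (host omitted).
REPORTED_PATH = ("/wiki/display/a/2007/09/%22%3E%3Cscript%3Ealert"
                 "('Watchfire%20XSS%20Test%20Successful')%3C/script%3E")


def render_printable_link_vulnerable(request_path: str) -> str:
    """Hypothetical reconstruction of the flaw (not Confluence's code): the
    percent-decoded path is interpolated into an href attribute unchanged, so
    %22 becomes a literal quote that closes the attribute and %3C/%3E become
    angle brackets that open a new element."""
    decoded = unquote(request_path)
    return f'<a href="{decoded}?decorator=printable">Printable</a>'


def render_printable_link_fixed(request_path: str) -> str:
    """Hardened form: re-encode the path so only URL-safe characters remain
    (quote, angle brackets, parentheses and spaces become %xx), then
    HTML-escape for attribute context so no '"', '<' or '>' can reach the
    markup even if a caller passes a pre-decoded string."""
    decoded = unquote(request_path)
    safe_path = quote(decoded, safe="/")
    return f'<a href="{escape(safe_path, quote=True)}?decorator=printable">Printable</a>'


def breaks_out_of_attribute(rendered: str) -> bool:
    """Regression check: an intact link has exactly the two quotes around the
    href value and no element other than the anchor itself (one '<a', one '</a')."""
    return rendered.count('"') != 2 or rendered.count("<") != 2


if __name__ == "__main__":
    print(render_printable_link_vulnerable(REPORTED_PATH))
    print(render_printable_link_fixed(REPORTED_PATH))
```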

    Attachments

    1. wiki.appscan.doc (118 kB)
    2. printable-icon-xss.patch (1 kB)
    3. appscan.wiki.doc (361 kB)


    People

    Assignee: mjensen m@
    Reporter: wcrossin Wyatt Crossin
    Votes: 0
    Watchers: 1


    Time Tracking

    Estimated: 2h
    Remaining: 2h
    Logged: Not Specified