Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-9456

XSS Bug in printable link display

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • High
    • 2.6.1
    • 2.5.7
    • None

    • Solaris 10, JDK 1.5.0_12, SunOne WebServer 6.1 SP8

    Description

      A Cross sites scripting vulnerability exists in macro used to render the 'printable' link.

      Here is an exploit for the vulnerability that works

      https://servername/wiki/display/a/2007/09/%22%3E%3Cscript%3Ealert('Watchfire%20XSS%20Test%20Successful')%3C/script%3E

      Bug was found using APPScan.

      Attachments

        1. appscan.wiki.doc
          361 kB
        2. printable-icon-xss.patch
          1 kB
        3. wiki.appscan.doc
          118 kB

        Activity

          People

            mjensen m@ (Inactive)
            a06b3b24deee Wyatt Crossin
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 2h
                2h
                Remaining:
                Remaining Estimate - 2h
                2h
                Logged:
                Time Spent - Not Specified
                Not Specified