Issue Details (XML | Word | Printable)

Key: CHK-35
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Critical Critical
Assignee: Roberto Dominguez
Reporter: Roberto Dominguez
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Confluence Checklists Plugin

Vulnerabilities in entry values and column attributes allows for injection of javascript code

Created: 12/Sep/07 04:54 PM   Updated: 12/Sep/07 04:54 PM
Component/s: None
Affects Version/s: 1.1
Fix Version/s: 1.2.1

Time Tracking:
Not Specified

Environment: Any

Labels:


 Description  « Hide
Entry values and column attributes are not HTML encoded. This would allow malicious macros or entry values to inject javascript code.

No exploit has been reported.

 All   Comments   Work Log   Change History   FishEye   Crucible   Builds      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Roberto Dominguez added a comment - 12/Sep/07 04:54 PM
All values are now properly encoded.


Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13-#330) - Bug/feature request - Atlassian news - Contact Administrators