Issue Details (XML | Word | Printable)

Key: TBL-54
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Critical Critical
Assignee: Bob Swift
Reporter: Maleko Taylor
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Confluence Table Plugin

XSS Vulnerability

Created: 28/Jul/08 04:39 PM   Updated: Saturday 08:37 PM
Component/s: table-plus
Affects Version/s: None
Fix Version/s: 3.4.0

Time Tracking:
Not Specified

Labels:


 Description  « Hide
Here is an example from the wiki markup, showing how to exploit this issue: {table-plus:columnTypes=S,-,.|autoNumber=true|sortColumn=3 |columnAttributes=,,style="background:'+alert('arbitrary javascript here')+'; font-size:14pt;"}
|| Name || Phone || TCP ||
| John | 555-1234 | 192.168.1.10 |
| Mary | 555-2134 | 192.168.1.12 |
| Bob | 555-4527 | 192.168.1.9 |{table-plus}

Any javascript could be entered in the markup that could hijack a user's session.

 All   Comments   Work Log   Change History   FishEye   Crucible   Builds      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Bob Swift added a comment - 28/Jul/08 09:42 PM
Thanks. The attributes parameter needs to be cleaned in some way before use.

[ Permlink | « Hide ]
Bob Swift added a comment - 03/Jan/09 08:37 PM
columnAttributes are now encoded using GeneralUtil.htmlEncode function.


Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators