Atlassian Confluence 5.9.12 Cross Site Scripting

Posted by deepcore on January 5, 2017 – 12:08 pm

Tempest Security Intelligence Advisory ADV-3/2016 – Atlassian Confluence version 5.9.12 is vulnerable to persistent cross site scripting because it fails to securely validate user controlled data, thus making it possible for an attacker to supply crafted input in order to harm users. The bug occurs at pages carrying attached files, even though the attached file name parameter is correctly sanitized upon submission, it is possible for an attacker to later edit the attached file name property and supply crafted data (i.e HTML tags and script code) without the occurrence of any security checks, resulting in an exploitable persistent cross site scripting injection.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« WordPress Stop User Enumeration 1.3.4 User Enumeration TinyPDF Installer DLL Hijacking / Unsafe Temp Directory »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Atlassian Confluence 5.9.12 Cross Site Scripting

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL