Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
atlassianHailpervATLASSIAN:CONFSERVER-53243
HistoryAug 17, 2017 - 6:08 a.m.

XSS in User Macros Description Field

2017-08-1706:08:01
hailperv
jira.atlassian.com
19

EPSS

0.001

Percentile

28.6%

JSON

We received external report about XSS in User Macros Field:
{quote}
The description field in User Macros is vulnerable to persistent XSS. The XSS will be executed when the user chooses the macro from the macro selector.
{quote}
Steps to reproduce:

  1. Go to http://localhost:8090/admin/usermacros.action
  2. Add user macro with description “><script>alert(2)</script>”
  3. Try to add this macro on the page. It should trigger xss

Related

atlassian 2
prion 1
cve 1
cvelist 1
nessus 1
nvd 1
atlassian
atlassian
XSS in the usermacros resource through the description of a macro - CVE-2017-18084
2018-02-02 00:11:26
XSS in the usermacros resource through the description of a macro - CVE-2017-18084
2018-02-02 00:11:26
prion
prion
Cross site scripting
2018-02-02 14:29:00
cve
cve
CVE-2017-18084
2018-02-02 14:29:01
cvelist
cvelist
CVE-2017-18084
2018-02-02 14:00:00
nessus
nessus
Atlassian Confluence < 6.3.4 usermacros Reflected XSS (CVE-2017-18084)
2018-02-22 00:00:00
nvd
nvd
CVE-2017-18084
2018-02-02 14:29:01

EPSS

0.001

Percentile

28.6%

JSON
Related for ATLASSIAN:CONFSERVER-53243
atlassian2prion1cve1cvelist1nessus1nvd1