[XSS][USERNAME] - XSS issue occurs if filtering for a user with the "><img src=x onerror=alert(1)>"

Description

JavaScript is executed when filtering for a user with "><img src=x onerror=alert(1)>.


Steps to reproduce

  1. Create an external share link

  2. Navigate to your Atlassian profile or click here

  3. Add "><img src=x onerror=alert(1)> to your name field

  4. Return to Confluence and navigate to External Share Space settings (Side panel)

  5. In the creator field, look for your username

A similar issue occurred on Approval Path for Confluence - reported on Bugcrowd - APFC issue

Actual result

User will be prompted with a JavaScript error

Expected result

No JavaScript is executed

Issue occurs on both QA and Production builds
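
A sketch of the bug class reported above and the output encoding that closes it, added here as an example and not taken from the application's code. The function names and the option markup are assumptions, since the ticket does not show how the creator filter is rendered.

```javascript
// Added example: hypothetical names and markup, not the application's code.

// Constructed sample: the display name from the reproduction steps.
const SAMPLE_NAME = '"><img src=x onerror=alert(1)>';

// Vulnerable pattern: the profile name is concatenated into markup as-is.
// The leading "> closes the attribute and the tag, so the rest of the name
// is parsed as a new element instead of being shown as text.
function renderCreatorOptionUnsafe(name) {
  return '<option value="' + name + '">' + name + '</option>';
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that can end a text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: encode at the point of output, in both places the name
// is written (attribute value and element text).
function renderCreatorOptionSafe(name) {
  const encoded = escapeHtml(name);
  return '<option value="' + encoded + '">' + encoded + '</option>';
}

// Regression check helper: count opening tags in the rendered string.
// This is a crude regex, not an HTML parser; it is enough to tell
// "one option element" apart from "option plus injected elements".
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

const unsafeHtml = renderCreatorOptionUnsafe(SAMPLE_NAME);
const safeHtml = renderCreatorOptionSafe(SAMPLE_NAME);
console.log('unsafe opening tags:', countOpeningTags(unsafeHtml));
console.log('safe opening tags:  ', countOpeningTags(safeHtml));
console.log(safeHtml);
```

When the UI is built with DOM APIs, assigning the name through textContent or setAttribute gives the same result without manual encoding.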

Activity

Parsa Shiva 16 August 2022, 13:47

@Kamil Zarychta Fix verified on QA environment.

Kamil Zarychta 16 August 2022, 12:54

@Parsa Shiva fix deployed on QA, could you verify it?

Krzysztof Bogdan 16 August 2022, 12:09

@Parsa Shiva
🚀