XSS vulnerability in default 'internal server error' page

2011-10-26T01:57:13
ID ATLASSIAN:BAM-10026
Type atlassian
Reporter pwatson
Modified 2015-09-22T08:57:34

Description

We have identified and fixed a reflected cross-site scripting (XSS) vulnerability in the Bamboo default 'internal server error' page.

This issue is reported in our security advisory on this page: https://confluence.atlassian.com/x/rQP5FQ

You can read more about XSS attacks at:

  • http://www.cgisecurity.com/xss-faq.html
  • http://www.cert.org/advisories/CA-2000-02.html