XSS vulnerability in the "import word document" page action through the page name

2012-08-03T03:17:02
ID ATLASSIAN:CONF-26221
Type atlassian
Reporter dblack
Modified 2017-02-28T05:46:20

Description

On the "Import Word Document" page action, the name of the Confluence page is a persistent XSS vector because it is not encoded.

How to Reproduce:

  1. Create a Confluence page with the following title: XSS"/><script>alert('XSS')</script>
  2. Navigate to the created page
  3. Under the tools menu select "Import Word Document"
  4. Upload a Word document
  5. Click "Next"
  6. See an alert prompt containing the text 'XSS' within it.
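
The following is an added example, not Atlassian's code: the report does not show the affected template, so the sketch assumes the page title is written into a double-quoted HTML attribute, which the `"/>` prefix of the reproduction title suggests. The `render_*` functions, `TEMPLATE` and the `pageTitle` field name are hypothetical; the check parses the rendered markup and compares what a parser sees with and without encoding.

```python
import html
from html.parser import HTMLParser

# Page title taken from the reproduction steps above.
TITLE = """XSS"/><script>alert('XSS')</script>"""

# Hypothetical template: the title is placed in a double-quoted attribute.
TEMPLATE = '<form><input type="hidden" name="pageTitle" value="{}"/></form>'


def render_unencoded(title):
    """'Before' behaviour: the title is interpolated without encoding."""
    return TEMPLATE.format(title)


def render_encoded(title):
    """Fixed behaviour: &, <, >, " and ' are HTML-encoded first."""
    return TEMPLATE.format(html.escape(title, quote=True))


class _Audit(HTMLParser):
    """Collects the start tags and the decoded pageTitle value a parser sees."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.title_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attrs = dict(attrs)
        if attrs.get("name") == "pageTitle":
            self.title_value = attrs.get("value")


def audit(markup):
    """Return (start tags, pageTitle value) as parsed from the rendered markup."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.title_value


if __name__ == "__main__":
    for render in (render_unencoded, render_encoded):
        tags, value = audit(render(TITLE))
        print(render.__name__, tags, repr(value))
```

Run against any title containing quote and angle-bracket characters, the same audit serves as a regression test: the encoded output must yield only the template's own tags and return the title unchanged.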