Stored XSS in OnDemand Confluence Header via username

2014-05-19T03:12:05
ID ATLASSIAN:CONF-33685
Type atlassian
Reporter eh.yogendra
Modified 2017-02-17T05:27:21

Description

This is from an external report. Creating a user with username:

{code} "><img src=x onerror=prompt(1)> {code}

and returning to the dashboard will demonstrate the script injection. This PoC will not work in Chrome/Chromium, but will in Firefox and other browsers that do not have such protective measures.