Persistent XSS in Username field

2013-08-08T17:20:18
ID ATLASSIAN:CONFCLOUD-46732
Type atlassian
Reporter jclark@atlassian.com
Modified 2017-04-02T09:03:07

Description

NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-46732

The XSS vulnerability is only present in some parts of the UI where the username is incorrectly marked as "safe" for HTML output.

Known vulnerability points:

- When viewing a user's activity stream on their profile page
- When viewing the site-wide activity stream in the Administrative UI

This vulnerability was introduced when Atlassian ID was integrated with Answers. Previously, local-based user accounts had their usernames scrubbed before saving in the database.
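The failure mode described above, as an added example that is not Atlassian's code: a view that marks the username "safe" stays harmless only while every write path scrubs the value, and breaks once a second account source stores usernames unscrubbed. The renderer, the `Safe` marker, the scrub rule and all function names are hypothetical, and the username is a constructed sample.

```python
import html
import re

class Safe(str):
    """Marker type: the renderer emits Safe values without escaping."""

def render(template, **values):
    """Minimal autoescaping renderer: escape everything except Safe values."""
    out = {k: v if isinstance(v, Safe) else html.escape(str(v), quote=True)
           for k, v in values.items()}
    return template.format(**out)

def scrub(username):
    # Assumed input-time scrub for local accounts: keep a conservative charset.
    return re.sub(r"[^A-Za-z0-9._@-]", "", username)

def create_local_user(db, username):
    db.append(scrub(username))

def sync_external_user(db, username):
    # Second write path (external identity service): stored as received.
    db.append(username)

ACTIVITY = "<li>{user} edited a page</li>"

def activity_view_flawed(username):
    # The username is marked safe, so output encoding is skipped.
    return render(ACTIVITY, user=Safe(username))

def activity_view_fixed(username):
    # The username is treated as untrusted text and encoded at output time.
    return render(ACTIVITY, user=username)

CONSTRUCTED = "mallory<script>alert(1)</script>"  # constructed sample input

def demo():
    """Render both stored usernames through the flawed and the fixed view."""
    db = []
    create_local_user(db, CONSTRUCTED)
    sync_external_user(db, CONSTRUCTED)
    return [(activity_view_flawed(u), activity_view_fixed(u)) for u in db]

if __name__ == "__main__":
    for flawed, fixed in demo():
        print("flawed:", flawed)
        print("fixed: ", fixed)
```

Both views produce the same output for the scrubbed local account, which is why the "safe" marking went unnoticed; only the externally sourced username exposes the difference.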