XSS in user links

2009-05-29T04:14:37
ID ATLASSIAN:CONFSERVER-15970
Type atlassian
Reporter cbroadfoot
Modified 2017-02-17T05:17:44

Description

A user with username {{"><script>alert("foo")</script>}} that is linked to via {{[~username]}} markup results in script being executed.

Curiously, viewing the space homepage of that user results in a blank page.

This of course is prevented for public signup, but if the user gets created via other means, i.e. external user management, or via admin control panel then this is a valid point of attack