XSS vulnerability in space name when page move would create a duplicate

2009-06-18T06:38:53
ID ATLASSIAN:CONFSERVER-16135
Type atlassian
Reporter mhrynczak
Modified 2018-10-11T08:51:50

Description

Create a space called <script>alert("XSS");</script>

Find a page named 'Home' in a different space

Move this page, choosing the previously created space as the destination

The move will fail due to the duplicate page name, and the script will be run.