XSS vulnerability in "children" macro when displaying excerpts

2014-12-02T07:41:01
ID ATLASSIAN:CONFSERVER-35777
Type atlassian
Reporter nclarke@atlassian.com
Modified 2017-04-02T08:37:53

Description

{panel:bgColor=#e7f4fa} NOTE: This bug report is for Confluence Server. Using Confluence Cloud? [See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-35777]. {panel}

  • Create a parent page A with a child page B
  • Add an {{{excerpt}}} macro to B containing the text {{<script>alert("Gotcha!");</script>}}
  • Add the {{{children}}} macro to page A, with "Show excerpts" checked
  • Alert is shown when viewing A

This is currently present on EAC - likely to be in released versions; not tested yet.

Found by [~dpabst] and me during QA :)