Persistent xss flaw in the revision history (of comments).

Type atlassian
Reporter dblack
Modified 2017-04-02T09:06:43


{panel:bgColor=#e7f4fa} NOTE: This bug report is for Confluence Server. Using Confluence Cloud? [See the corresponding bug report|]. {panel}

Whilst a comment is html encoded /sanitized when displayed within an answer to a question the revision history page for an edited comment does not sanitize or html encode the content of the current and previous comments. Therefore an attacker can exploit this issue to craft a persistent xss attack.