XSS Bug in printable link display

2007-09-13T08:15:21
ID ATLASSIAN:CONFSERVER-9456
Type atlassian
Reporter wcrossin
Modified 2017-02-17T05:09:51

Description

A cross-site scripting vulnerability exists in the macro used to render the 'printable' link.

Here is an exploit for the vulnerability that works:

https://servername/wiki/display/a/2007/09/%22%3E%3Cscript%3Ealert('Watchfire%20XSS%20Test%20Successful')%3C/script%3E

The bug was found using AppScan.
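The `%22%3E` at the start of the injected path segment decodes to `">`, which closes a quoted attribute and its tag when the request path is written into markup without encoding. The sketch below is an added example, not Confluence's macro code: the function names and the `?print=1` suffix are assumptions, and the sample path is constructed from the URL in this report. It shows a hypothetical unencoded rendering beside one that re-encodes the path for the URL context and then for the HTML attribute context.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote, unquote

# Constructed sample: the path portion of the URL in this report.
SAMPLE_PATH = ("/wiki/display/a/2007/09/%22%3E%3Cscript%3Ealert("
               "'Watchfire%20XSS%20Test%20Successful')%3C/script%3E")

PRINT_SUFFIX = "?print=1"  # hypothetical query string for the printable view


def printable_link_unsafe(request_path: str) -> str:
    """Hypothetical 'before': the decoded path is concatenated into href."""
    decoded = unquote(request_path)
    return '<a href="' + decoded + PRINT_SUFFIX + '">Printable</a>'


def printable_link_safe(request_path: str) -> str:
    """Hardened form: encode for the URL, then for the HTML attribute."""
    decoded = unquote(request_path)
    # URL context: percent-encode everything except path separators.
    url = quote(decoded, safe="/") + PRINT_SUFFIX
    # HTML attribute context: escape &, <, > and both quote characters.
    return '<a href="' + html.escape(url, quote=True) + '">Printable</a>'


class _TagCollector(HTMLParser):
    """Records the name of every start tag the parser sees."""

    def __init__(self) -> None:
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(markup: str) -> list:
    """Parse markup the way a browser tokenizer would and list its elements."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    for render in (printable_link_unsafe, printable_link_safe):
        markup = render(SAMPLE_PATH)
        print(render.__name__, start_tags(markup), markup, sep="\n  ")
```

Parsing the rendered output and asserting that it contains only the expected `a` element is a check that fits in a regression test for the template.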