2907 matches found
DWR debug mode is enabled
This gives a potential attacker lots of information about available AJAX request handlers in Confluence...
Security Issue: XSS in wiki exception error page
The confluence wiki does contain a XSS possibility in the exception error page. The user input string is NOT output encoded at following lines: a - - Query String: url=alertdocument.cookie b - javax.servlet.forward.querystring : url=alertdocument.cookie c - atlassian.core.seraph.original.url :...
Security Issue: XSS in wiki exception error page
The confluence wiki does contain a XSS possibility in the exception error page. The user input string is NOT output encoded at following lines: a - - Query String: url=alertdocument.cookie b - javax.servlet.forward.querystring : url=alertdocument.cookie c - atlassian.core.seraph.original.url :...
Security Issue: XSS in wiki exception error page
The confluence wiki does contain a XSS possibility in the exception error page. The user input string is NOT output encoded at following lines: a - - Query String: url=alertdocument.cookie b - javax.servlet.forward.querystring : url=alertdocument.cookie c - atlassian.core.seraph.original.url :...
Velocity does not automatically escape HTML entities when substituting variables
Velocity should automatically escape encode HTML entities in variables it interpolates in markup. This would remove the need for explicitly escaping variables using $generalUtil.htmlEncode, and fix lots of XSS bugs including ones we haven't discovered yet. This affects all versions of Confluence...
Velocity does not automatically escape HTML entities when substituting variables
Velocity should automatically escape encode HTML entities in variables it interpolates in markup. This would remove the need for explicitly escaping variables using $generalUtil.htmlEncode, and fix lots of XSS bugs including ones we haven't discovered yet. This affects all versions of Confluence...
Velocity does not automatically escape HTML entities when substituting variables
Velocity should automatically escape encode HTML entities in variables it interpolates in markup. This would remove the need for explicitly escaping variables using $generalUtil.htmlEncode, and fix lots of XSS bugs including ones we haven't discovered yet. This affects all versions of Confluence...
Option to disable "secure" cookie when using HTTPS just for login page
Confluence's "remember me" tickbox doesn't work if the login page is secure, but the rest of the application is unsecured. Seraph's CookieUtils.setCookie method create a secure cookie ref|http://www.apps.ietf.org/rfc/rfc2965.htmlpage-7 if the request had a secure URL, and this cookie isn't sent b...
Option to disable "secure" cookie when using HTTPS just for login page
Confluence's "remember me" tickbox doesn't work if the login page is secure, but the rest of the application is unsecured. Seraph's CookieUtils.setCookie method create a secure cookie ref|http://www.apps.ietf.org/rfc/rfc2965.htmlpage-7 if the request had a secure URL, and this cookie isn't sent b...
Only allow basic formatting macros in comments
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-9387. panel Currently it is possible for users with create comments permission to embed macros in these comments. This is a...
Only allow basic formatting macros in comments
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-9387. panel Currently it is possible for users with create comments permission to embed macros in these comments. This is a...
Numerous XSS Type 2 vulnerabilities in macros bundled with Confluence
'd like to report critical vulnerabilities in 3 of your macros - Column, Image, Block and Code macros. The vulnerabilities are classified as XSS Type 2 stored and the details with example exploits are in the pdfs attached. Because of similarity of the vulnerabilities assume that it is more than...
Numerous XSS Type 2 vulnerabilities in macros bundled with Confluence
'd like to report critical vulnerabilities in 3 of your macros - Column, Image, Block and Code macros. The vulnerabilities are classified as XSS Type 2 stored and the details with example exploits are in the pdfs attached. Because of similarity of the vulnerabilities assume that it is more than...
Numerous XSS Type 2 vulnerabilities in macros bundled with Confluence
'd like to report critical vulnerabilities in 3 of your macros - Column, Image, Block and Code macros. The vulnerabilities are classified as XSS Type 2 stored and the details with example exploits are in the pdfs attached. Because of similarity of the vulnerabilities assume that it is more than...
Unwanted Access to File System via Import Pages Functionality
security vulnerability found in Confluence 2.5.6 Space administrator can use the "Import Pages from Disk" feature to browse the server file system by pointing the importer at "/" folder or any other folder. Because this folder doesn't contain expected files, an error message is displayed,...
Unwanted Access to File System via Import Pages Functionality
security vulnerability found in Confluence 2.5.6 Space administrator can use the "Import Pages from Disk" feature to browse the server file system by pointing the importer at "/" folder or any other folder. Because this folder doesn't contain expected files, an error message is displayed,...
Reflected XSS Vulnerability in the Feed Builder
---- Input in the Feed Builder is not properly handled. Insert: code "alert'Gotcha!' code as the feed name title and you get url like this:...
Vulnerability against DoS attack via labels
Description: When you give more labels to a content, then Confluence split up the user input on spaces, and then make az SQL query against each word or something like this. Exploit: Giving x thousand characters depends on the machine separated by space as label results the system is breaking down...
Vulnerability against DoS attack via labels
Description: When you give more labels to a content, then Confluence split up the user input on spaces, and then make az SQL query against each word or something like this. Exploit: Giving x thousand characters depends on the machine separated by space as label results the system is breaking down...
Vulnerability against DoS attack via labels
Description: When you give more labels to a content, then Confluence split up the user input on spaces, and then make az SQL query against each word or something like this. Exploit: Giving x thousand characters depends on the machine separated by space as label results the system is breaking down...