Lucene search

2907 matches found

Atlassian
added 2007/07/17 12:59 a.m. | 19 views

XSS vulnerability: space name and key not validated nor escaped

Email sent from Igor: The problem: The input for space name and key is not being validated properly. I created a JIRA for lacking length validation CONF-8894 and later on I noticed that any characters in the input for space name are allowed. Combine that with another batch of bugs - space...

1.6 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2007/07/17 12:59 a.m. | 15 views

XSS vulnerability: space name and key not validated nor escaped

Email sent from Igor: The problem: The input for space name and key is not being validated properly. I created a JIRA for lacking length validation CONF-8894 and later on I noticed that any characters in the input for space name are allowed. Combine that with another batch of bugs - space...

1.6 AI score
Exploits: 0

Atlassian
added 2007/07/17 12:59 a.m. | 21 views

XSS vulnerability: space name and key not validated nor escaped

Email sent from Igor: The problem: The input for space name and key is not being validated properly. I created a JIRA for lacking length validation CONF-8894 and later on I noticed that any characters in the input for space name are allowed. Combine that with another batch of bugs - space...

1.6 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2007/07/17 12:51 a.m. | 19 views

Create patch to CONF-8877 for Confluence 2.5.4

Since this is a major security issue we need to create patches for older versions...

2.3 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2007/07/17 12:51 a.m. | 15 views

Create patch to CONF-8877 for Confluence 2.5.4

Since this is a major security issue we need to create patches for older versions...

2.3 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2007/04/26 3:14 p.m. | 18 views

Allow embedding multimedia content located on remote servers

Re: CSP-8387 Currently, when embedding multimedia content on Confluence you are restricted to embedding files located on the Confluence server. The page http://confluence.atlassian.com/display/CONF20/Embedding+Multimedia+Content singles out "security reasons" as the reason for this limitation. In...

2.7 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2007/04/26 3:14 p.m. | 23 views

Allow embedding multimedia content located on remote servers

Re: CSP-8387 Currently, when embedding multimedia content on Confluence you are restricted to embedding files located on the Confluence server. The page http://confluence.atlassian.com/display/CONF20/Embedding+Multimedia+Content singles out "security reasons" as the reason for this limitation. In...

2.7 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2007/04/16 4:20 a.m. | 16 views

Form submission doesn't check source

Confluence accepts form submissions from any source. This means if you are logged in to Confluence and another site submits data to the Confluence instance, then it's accepted without question because the user is already logged in - or automatically logged in. We need a way to validate the form...

2 AI score
Exploits: 0

Atlassian
added 2007/04/16 4:20 a.m. | 31 views

Form submission doesn't check source

Confluence accepts form submissions from any source. This means if you are logged in to Confluence and another site submits data to the Confluence instance, then it's accepted without question because the user is already logged in - or automatically logged in. We need a way to validate the form...

2 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2007/04/16 4:20 a.m. | 17 views

Form submission doesn't check source

Confluence accepts form submissions from any source. This means if you are logged in to Confluence and another site submits data to the Confluence instance, then it's accepted without question because the user is already logged in - or automatically logged in. We need a way to validate the form...

2 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2007/01/10 3:32 a.m. | 31 views

XSS bug: usernames not HTML-encoded in all places

When signing up for an account, it is possible to enter a username like "fred". Confluence will accept this, and on certain pages, render it as raw HTML to the user, opening the possibility of cross-site scripting (XSS) attacks. Two places I've spotted the raw HTML so far: - Most prominently, when ...

5.9 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2006/03/27 12:36 a.m. | 28 views

Support nested groups

Resolved in Confluence 3.5: We are pleased to advise that support for nested groups is available in Confluence 3.5. You can find instructions on how to configure nested groups in our documentation: Configuring User...

0.2 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2005/12/14 1:22 a.m. | 20 views

Confluence is not using the seraph logout url to define how to log out.

We need to update our use of seraph to delegate the definition of the logout url to seraph-config.xml. Workaround for Confluence 5.7.2 and older: Find and copy /confluence/WEB-INF/lib/confluence-x.x.x.jar to a temp location with "x.x.x" representing your Confluence version number. Extract the...

0.9 AI score
Exploits: 0

Atlassian
added 2005/12/14 1:22 a.m. | 38 views

Confluence is not using the seraph logout url to define how to log out.

We need to update our use of seraph to delegate the definition of the logout url to seraph-config.xml. Workaround for Confluence 5.7.2 and older: Find and copy /confluence/WEB-INF/lib/confluence-x.x.x.jar to a temp location with "x.x.x" representing your Confluence version number. Extract the...

0.9 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2005/12/14 1:22 a.m. | 29 views

Confluence is not using the seraph logout url to define how to log out.

We need to update our use of seraph to delegate the definition of the logout url to seraph-config.xml. Workaround for Confluence 5.7.2 and older: Find and copy /confluence/WEB-INF/lib/confluence-x.x.x.jar to a temp location with "x.x.x" representing your Confluence version number. Extract the...

0.9 AI score
Exploits: 0 | Affected Software: 1

NVD
added 2005/12/03 7:3 p.m. | 17 views

CVE-2005-3967

Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter...

4.3 CVSS | 5.7 AI score | 0.01208 EPSS
Exploits: 0 | References: 5

Cvelist
added 2005/12/03 7:0 p.m. | 21 views

CVE-2005-3967

Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter...

5.7 AI score | 0.01208 EPSS
Exploits: 0 | References: 5

CVE
added 2005/12/03 7:0 p.m. | 50 views

CVE-2005-3967

CVE-2005-3967 is an XSS vulnerability in Atlassian Confluence 2.0.1 Build 321. The issue affects the dosearchsite.action module, allowing remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString parameter. The documented impact is partial integrity compromise with n...

4.3 CVSS | 5.9 AI score | 0.01208 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Atlassian
added 2005/02/03 2:54 a.m. | 25 views

Obscure email addresses in Confluence Mail

NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion (http://jira.atlassian.com/browse/CONFCLOUD-2677). Just noticed that http://confluence.atlassian.com/spaces/viewmailarchive.action?key=DOC is showing my full email...

7 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2005/02/03 2:54 a.m. | 20 views

Obscure email addresses in Confluence Mail

Just noticed that http://confluence.atlassian.com/spaces/viewmailarchive.action?key=DOC is showing my full email address. And other ppl's too. Eeek! We really want to obscure them. And anywhere else they appear in confl... Maybe some funky javascript email encryption?...

7 AI score
Exploits: 0 | Affected Software: 1