7 matches found
CVE-2017-8768
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID...
Persistent Cross Site Scripting Flaw in User Profiles
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-46664. A persistent cross site scripting flaw exists in user profiles when the user updates his/her Homepage URL from the...
Persistent Cross Site Scripting Flaw in User Profiles
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-46664. A persistent cross site scripting flaw exists in user profiles when the user updates his/her Homepage URL from the...
Persistent Cross Site Scripting Flaw in User Profiles
A persistent cross site scripting flaw exists in user profiles when the user updates his/her Homepage URL from the Atlassian ID system to contain an XSS vector which executes when inserted as a link, and clicked on by the victim. 1. Visit https://id.atlassian.com/profile/ 2. Update your Homepage...
Persistent XSS in Username field
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-46732. The XSS vulnerability is only present in some parts of the UI where the username is incorrectly marked as "safe" f...
Persistent XSS in Username field
The XSS vulnerability is only present in some parts of the UI where the username is incorrectly marked as "safe" for HTML output. Known vulnerability points: when viewing a user's activity stream on their profile page; when viewing the site-wide activity stream in the Administrative UI. This...
Persistent XSS in Username field
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-46732. The XSS vulnerability is only present in some parts of the UI where the username is incorrectly marked as "safe" fo...