XSS vulnerability in template upload mechanism 2019-07-04

Description

Summary

This advisory discloses a security issue of medium severity affecting Scroll PDF Exporter and Scroll Word Exporter v4.x apps, and provides a step-by-step guide to help you rectify the issue.

After updating to Scroll PDF Exporter 4.7.0 and Scroll Word Exporter 4.1.8 your instance is no longer affected by this security issue because these app versions include a fix to the template upload mechanism. 


Severity

K15t Software rates the severity level of this issue as medium, because exploiting the bug requires an authenticated user to import a malicious template, and the JavaScript that is executed is limited by the importing user's permissions.

This is our baseline assessment – it's best if you evaluate its applicability to your own IT environment.


Detailed description

We found a bug in the following Scroll apps:

  • Scroll PDF Exporter
  • Scroll Word Exporter

If an authenticated user imports a template .data file from an untrusted source, this bug can be used to execute JavaScript and call REST services with that user's permissions.

Other page information such as content, attachments or comments is NOT affected by this bug.

Anonymous users were NOT able to exploit the bug, even if access to anonymous users is enabled in Confluence and individual spaces.

We've rated this bug with a CVSS score of 6.1 (Medium).


Steps we've taken to fix this issue

We released Scroll PDF Exporter 4.7.0 and Scroll Word Exporter 4.1.8 to the Atlassian Marketplace.


What you need to do to solve this issue on your instance

A Confluence administrator needs to upgrade Scroll PDF Exporter to 4.7.0 and Scroll Word Exporter to 4.1.8 or later. 


We are here to support you

We apologize for any inconvenience this issue has caused you. If you would like assistance in correcting it, then we are here to help.

If you have any questions or want support in fixing the issue on your system, please let us know at support@k15t.com.

Reporter

Sync User [K15t]

Deployment

Cloud
Server

Due date

2019/07/04

Priority

Major