XSS vulnerability in Scroll Exporter Extensions app
This advisory discloses a security issue of medium severity affecting specific Scroll Exporter apps, and provides a step-by-step guide to help you rectify the issue.
You may be affected if you have one of these apps installed:
Scroll CHM Exporter, version 3.9.14 or earlier
Scroll DocBook Exporter, version 3.9.14 or earlier
Scroll EclipseHelp Exporter, version 3.9.14 or earlier
Scroll EPUB Exporter, version 3.9.14 or earlier
Scroll HTML Exporter, version 3.9.14 or earlier
After updating these apps to the following versions or later, your instance is no longer affected by this security issue.
Scroll CHM Exporter, version 3.9.15 or later
Scroll DocBook Exporter, version 3.9.15 or later
Scroll EclipseHelp Exporter, version 3.9.15 or later
Scroll EPUB Exporter, version 3.9.15 or later
Scroll HTML Exporter, version 3.9.15 or later
K15t rates the severity level of this issue as medium, because it can be exploited by any user with edit page permissions.
We've rated this bug with a CVSS score of 5.4 (Medium).
This is our baseline assessment – it's best if you evaluate its applicability to your own IT environment.
Scroll Exporter apps provide users with a number of different Scroll Macros that can be added to a page to modify the export output. These macros are provided by the bundled Scroll Exporter Extensions app that comes included when installing any Scroll Exporter app.
For this security issue, it has been identified that the content inside the Scroll Ignore Inline macro can be inserted into Confluence pages in an insecure way.
You may want to use Confluence's macro search feature in order to retrieve a list of all pages in your instance that use this macro. In order to find such pages use this search query:
Please note that the mere presence of the macro does not mean this vulnerability has been exploited in your instance. You'd need to inspect the macro's body in the Confluence editor for any suspicious HTML tags, such as <script>, <iframe>, etc.
This vulnerability has been identified in the scope of a security audit we conducted together with an external contractor. We are not aware of any active exploits of this vulnerability.
Steps we've taken to fix this issue
We have taken the following steps to address this issue:
Released updates for the affected Scroll Exporter apps on the Atlassian Marketplace
What you need to do to solve this issue on your instance
A Confluence administrator needs to upgrade any affected Scroll Exporter app versions to a fixed version or later. This will automatically update the Scroll Exporter Extensions app to version 5.0.6 or later.
It is not required to update potentially affected pages after the fixed version has been installed.
We are here to support you
We apologize deeply for any inconvenience this issue has caused you. If you would like assistance in correcting it, then we are here to help.
In case you have any questions or want to get support in fixing the issue on your system please let us know at email@example.com. We are happy to schedule a 1:1 screensharing session to help you resolve the issue should you so desire.