ImageMap does not prevent user supplied link targets from modifying the original tab

Description

Summary

This advisory discloses a security issue of *low severity* affecting Scroll ImageMap for Confluence and provides a guide to help rectify the issue.

If you have Scroll ImageMap version 2.3 or earlier installed on your Confluence instances, you may be affected by this issue. After upgrading to version 2.3.1, your instance is no longer affected by this security issue.

All *cloud* installations of Scroll ImageMap have already been updated to a fixed version – no action is required.

Severity

K15t rates the severity of this issue as low, as it does not open any additional vectors for an attack.

This is our baseline assessment – it's best if you evaluate its applicability to your own IT environment.

Detailed description

This issue introduces additional security properties to all user-supplied link URLs in Scroll ImageMap. This prevents the target website of a link from navigating the original tab after a user has followed a link to that site.

Steps we've taken to fix the issue

User supplied URLs within Scroll ImageMaps will get additional security properties assigned.
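
The kind of link hardening described above, as an added example that is not K15t's code. It assumes the "additional security properties" are the HTML rel tokens noopener and noreferrer, which withhold the window.opener handle from a page opened in a new tab; the function names and sample links are hypothetical.

```javascript
// Added example, not the Scroll ImageMap implementation.
// Assumption: the fix corresponds to rel="noopener noreferrer".
const REQUIRED_REL = ["noopener", "noreferrer"];

// True when the target attribute opens a new browsing context, the case
// in which the opened page can receive a window.opener reference.
function opensNewContext(target) {
  if (!target) return false;
  const t = target.trim().toLowerCase();
  return t !== "" && !["_self", "_parent", "_top"].includes(t);
}

// Return a copy of the link attributes with the required rel tokens merged
// in, keeping tokens that are already present (for example "nofollow").
function hardenLinkAttrs(attrs) {
  if (!opensNewContext(attrs.target)) return { ...attrs };
  const tokens = (attrs.rel || "").split(/\s+/).filter(Boolean);
  const seen = new Set(tokens.map((t) => t.toLowerCase()));
  for (const req of REQUIRED_REL) {
    if (!seen.has(req)) tokens.push(req);
  }
  return { ...attrs, rel: tokens.join(" ") };
}

// Audit helper: links that open a new context with neither token set.
// (noreferrer on its own also implies noopener.)
function findUnprotected(links) {
  return links.filter((link) => {
    if (!opensNewContext(link.target)) return false;
    const rel = (link.rel || "").toLowerCase().split(/\s+/);
    return !rel.includes("noopener") && !rel.includes("noreferrer");
  });
}

// Constructed sample: attributes of user-supplied <area> links in an image map.
const sampleAreas = [
  { href: "https://example.com/a", target: "_blank" },
  { href: "https://example.com/b", target: "_blank", rel: "nofollow" },
  { href: "/wiki/page", target: "_self" },
  { href: "https://example.com/c", target: "_blank", rel: "NoOpener" },
];

const hardened = sampleAreas.map(hardenLinkAttrs);
console.log(findUnprotected(sampleAreas).length, findUnprotected(hardened).length);
```
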

We are here to support you

We apologize deeply for any inconvenience this issue has caused you. If you would like assistance in correcting it, then we are here to help.

In case you have any questions or want to get support in fixing the issue on your system, please let us know at support@k15t.com.

Reporter

Riku Haavisto (K15t)
