XSS vulnerability in link handling for Scroll Viewport
Description
Summary
This advisory discloses a security issue of high severity affecting Scroll Viewport for Confluence Server and Confluence Data Center, and provides a step-by-step guide to help you rectify the issue.
The following app and versions are affected:
Scroll Viewport for Confluence Server and Confluence Data Center
After updating the affected app to the following version or later, your instance is no longer affected by this security issue.
2.22.4
Severity
K15t rates the severity level of this issue as high because it is possible in specific circumstances for an attacker to execute arbitrary Javascript on your system and any injected script can only load and (maybe) modify data on the domain hosting the file.
We've rated this bug with a CVSS score of 8.0(High)
This is our baseline assessment – it's best if you evaluate its applicability to your own IT environment.
Detailed description
Due to a Cross Site Scripting (XSS) vulnerability it was possible to inject possibly harmful Javascript through unescaped link content being interpreted as HTML rather than plain text through adapting specific Confluence page titles.
We are not aware of any active exploits of this vulnerability so far. The vulnerability was identified as part of a customer support case.
Steps we've taken to fix this issue
We have taken the following steps to address this issue:
Released updates for Scroll Viewport for Confluence Server and Confluence Data Center on the Atlassian Marketplace
What you need to do to solve this issue on your instance
A Confluence administrator needs to upgrade any affected Scroll Viewport app versions to a fixed version or later.
We are here to support you
We apologize for any inconvenience this issue has caused you. If you would like assistance in correcting it, then we are here to help. In case you have any questions or want to get support in fixing the issue on your system please let us know at help@k15t.com.
Summary
This advisory discloses a security issue of high severity affecting Scroll Viewport for Confluence Server and Confluence Data Center, and provides a step-by-step guide to help you rectify the issue.
The following app and versions are affected:
Scroll Viewport for Confluence Server and Confluence Data Center
After updating the affected app to the following version or later, your instance is no longer affected by this security issue.
2.22.4
Severity
K15t rates the severity level of this issue as high because it is possible in specific circumstances for an attacker to execute arbitrary Javascript on your system and any injected script can only load and (maybe) modify data on the domain hosting the file.
We've rated this bug with a CVSS score of 8.0(High)
This is our baseline assessment – it's best if you evaluate its applicability to your own IT environment.
Detailed description
Due to a Cross Site Scripting (XSS) vulnerability it was possible to inject possibly harmful Javascript through unescaped link content being interpreted as HTML rather than plain text through adapting specific Confluence page titles.
We are not aware of any active exploits of this vulnerability so far. The vulnerability was identified as part of a customer support case.
Steps we've taken to fix this issue
We have taken the following steps to address this issue:
Released updates for Scroll Viewport for Confluence Server and Confluence Data Center on the Atlassian Marketplace
What you need to do to solve this issue on your instance
A Confluence administrator needs to upgrade any affected Scroll Viewport app versions to a fixed version or later.
We are here to support you
We apologize for any inconvenience this issue has caused you. If you would like assistance in correcting it, then we are here to help. In case you have any questions or want to get support in fixing the issue on your system please let us know at help@k15t.com.