Issues
- VPC-484: Possible data leak in Viewport sites through crafted link followed by specific user actions (medium)
- VPC-310 (resolved): XSS vulnerability in Scroll Viewport for Confluence (Cloud)
- VPC-303 (resolved): Response Header Injection vulnerability in sites created by Scroll Viewport for Cloud
- VPC-228 (resolved): Reflected redirection to external targets - Security Advisory 2022-02-01
- VPC-216 (resolved): RCE vulnerability in Scroll Viewport for Confluence Cloud related to CVE-2021-44228 'log4shell' - security advisory (2021-12-10)
- VPC-47 (resolved): XSS vulnerability in Scroll Viewport - security advisory (2020-10-09)
- VPC-14 (resolved): Security advisory: Subdomain takeover on scrollhelp.site
Created July 11, 2024 at 11:26 AM
Updated July 11, 2024 at 11:26 AM
Summary
This advisory discloses a security issue of MEDIUM severity affecting Scroll Viewport, and provides a step-by-step guide to help you rectify the issue.
The vulnerability was found during an internal review.
If a user who has access to a Viewport site follows a link crafted by an attacker and then takes specific actions on the website, it is possible that information from the site is leaked to the attacker.
Sites that do not use authentication are not affected because their content is public, and the vulnerability can only be used for accessing the content of the site.
Severity
K15t Software rates the severity level of this issue as MEDIUM.
This is our baseline assessment – it's best if you evaluate its applicability to your own IT environment.
What you need to do to solve this issue on your instance
Regenerating the Viewport site will automatically fix the vulnerability.