Confluence Security Advisory 2005-12-05

Confluence Security Overview and Advisories

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

A flaw has been found in Confluence by which attackers to inject malicious HTML code into Confluence. Atlassian STRONGLY recommends that all Confluence customers apply the fix described below immediately, or upgrade to Confluence 2.0.2

Vulnerability

By entering HTML code into the Confluence search input fields, attackers can cause arbitrary scripting code to be executed by the user's browser in the security context of the Confluence instance.

This flaw affects all versions of Confluence between 1.4-DR releases and 2.0.1.

(Atlassian was not informed of the problem before it was published by third-party security researchers. You can read the third-party security advisory here: http://secunia.com/advisories/17833/. The vulnerability was originally reported here.)

Fix

This vulnerability is fixed in Confluence 2.0.2 and later. Customers who do not wish to migrate to 2.0.2 can fix this bug using the procedure below:

  1. Edit the confluence/decorators/components/searchresults.vmd
  2. Replace the following reference (around line 48):
    
    $action.getText("search.result", [$start, $end, $total, $queryString])
    

    with
    
    $action.getText("search.result", [$start, $end, $total, $generalUtil.escapeXml($queryString)]).
    


  3. Edit the confluence/search/searchsite-results.vm.
  4. Replace the following reference (around line 11):
    
    Searched for <b>$action.searchQuery.queryString</b>
    

    with
    
    Searched for <b>$generalUtil.escapeXml($action.searchQuery.queryString)</b>
    


  5. Restart Confluence.

Alternatively, you can download the patched source files from Confluence Security Advisory 2005-12-05. If you are patching a 2.0.x installation, then use the files with the .2.0 suffix. If you are patching a 1.4.x installation, then use the files with the .1.4 suffix.

Last modified on Dec 5, 2005

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.