Info

Disclosure

Dec 02, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Dec 05, 2005

Description

Atlassian Confluence contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the variable "searchQuery" in the "dosearchsite.action" module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Workaround, Patch / RCS, Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified, Uncoordinated Disclosure
OSVDB: Web Related

Solution

Upgrade to version 2.0.2 or higher, as it has been reported to fix this vulnerability. Additionally, the vendor has released a patch to address this issue, or users may opt to apply the temporary workaround described in the vendor advisory.

Products

Atlassian Software Systems

Confluence

2.0.1

References

Bugtraq ID: 15688
Secunia Advisory ID: 17833
CVE ID: 2005-3967 (see also: NVD) 2005-3994 (see also: NVD)
ISS X-Force ID: 23381
VUPEN Advisory: ADV-2005-2691
Vendor Specific Advisory URL: http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2005-12-05
https://jira.atlassian.com/browse/CONF-4825
Other Advisory URL: http://pridels.blogspot.com/2005/12/confluence-enterprise-wiki-xss-vuln.html [ Link is 404 ]
Vendor URL: http://www.atlassian.com/software/confluence/

Credit

r0t - krustevsgooglemail.com - UNSECURED SYSTEMS

Direct URL: http://osvdb.org/21377