Stored Cross-Site Scripting Vulnerabilities in Confluence version 7.13.2

0 votes
asked Jan 26, 2022 in Bug by Peter

Hi,
Recently we have discovered a vulnerability which allows executing potentially harmful code in the plugin using 

@startuml
Bob -> Alice : [[javascript:alert('test')]]
@enduml

OR

@startuml
component foo1 as "Click me!" [[javascript:alert(document.domain)]]
@enduml

We updated the plugin to version 6.59 but the vulnerability still exists.

I found on the internet that the fixed version is 6.44, which is strange because we use a newer version and the exploit still exists.

Under this link (https://forum.plantuml.net/11084/javascript-hyperlinks-in-svg) we found a nice tip about an environment variable, but even when we set it explicitly to false it didn't help.

Can you please help me resolve that problem?

1 Answer

0 votes
answered Jan 26, 2022 by plantuml (294,960 points)
Can you double-check your PlantUML version:

@startuml
version
@enduml

Are you sure that PLANTUML_JAVASCRIPT_UNSECURE is set to false?

Note that you should probably post this same question in a forum specific to the Confluence plugin: this forum may be too generalist to answer a question about a specific plugin (except if the issue is in the core library itself).
...
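As an added defensive check, not part of this thread or of PlantUML's own code: a small Python scan of the rendered SVG that flags, and optionally strips, hyperlinks whose scheme would run script when the image is displayed inline, so you can verify what the plugin actually emits after setting PLANTUML_JAVASCRIPT_UNSECURE. The sample SVG is constructed to resemble the link in the question and is not real PlantUML output.

```python
import re
import xml.etree.ElementTree as ET

# Keep the usual prefixes when re-serializing so the SVG stays readable.
ET.register_namespace("", "http://www.w3.org/2000/svg")
ET.register_namespace("xlink", "http://www.w3.org/1999/xlink")

# Link attributes found on <a> elements in SVG (plain href and xlink:href).
HREF_ATTRS = ("href", "{http://www.w3.org/1999/xlink}href")
# URL schemes that execute script or smuggle content when rendered inline.
UNSAFE_SCHEMES = ("javascript:", "vbscript:", "data:")

# Constructed sample resembling what a [[javascript:...]] link becomes
# in SVG output; it is NOT captured from PlantUML or the Confluence plugin.
SAMPLE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink">'
    '<a xlink:href="javascript:alert(\'test\')"><text>Click me!</text></a>'
    '<a xlink:href="https://example.com/doc"><text>Docs</text></a>'
    '</svg>'
)

def _scheme_unsafe(url: str) -> bool:
    """True if the URL scheme is one browsers would execute as script."""
    # Drop whitespace/control characters and lowercase before comparing,
    # so obfuscated spellings such as "jAva script:" are still caught.
    cleaned = re.sub(r"[\s\x00-\x1f]", "", url).lower()
    return cleaned.startswith(UNSAFE_SCHEMES)

def _link_elements(root):
    """Yield every <a> element regardless of namespace prefix."""
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] == "a":
            yield elem

def find_unsafe_links(svg_text: str) -> list[str]:
    """Return the raw href values of all links with an unsafe scheme."""
    found = []
    for elem in _link_elements(ET.fromstring(svg_text)):
        for attr in HREF_ATTRS:
            url = elem.get(attr)
            if url is not None and _scheme_unsafe(url):
                found.append(url)
    return found

def strip_unsafe_links(svg_text: str) -> str:
    """Return the SVG with unsafe hrefs removed; the link text is kept."""
    root = ET.fromstring(svg_text)
    for elem in _link_elements(root):
        for attr in HREF_ATTRS:
            url = elem.get(attr)
            if url is not None and _scheme_unsafe(url):
                del elem.attrib[attr]
    return ET.tostring(root, encoding="unicode")
```

Run `find_unsafe_links` over the SVG the plugin returns for the diagrams in the question: an empty list means the fix is effective, a non-empty one means the configuration is not being applied.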