Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Cross-Site Scripting leak in Highlight Search Result

Deleted user January 26, 2020

The Highlight Search Results plugin, made by codecentric AG has a cross-site scripting leak. Wonder how these add-ons are tested before they appear in the market place?

 

Our security testing team assesses each new add-on before we start using it and was able to use cross-scripting in this plugin.

Answer
Watch
Like Be the first to like this
452 views

1 answer

0 votes
Sascha Novakovic
Sascha Novakovic
Contributor
January 27, 2020

Hello Hans,

our security team is investigating right now and we'll fix this issue as soon as possible.

To address the affected customers, we additionally reported a security incident to Atlassian.

Thank you again for letting us know.

Best regards
Sascha (codecentric AG)

View More Comments
Deleted user January 29, 2020

OK, thanks. 

Like
Sascha Novakovic
Sascha Novakovic
Contributor
February 12, 2020

A quick update from our side:

There was indeed a XSS vulnerability, where encoded script code on a page could be activated by navigating to that page after a search with highlighted search terms. A direct script injection was never possible though.

We released a fix last week.

Best regards
Sascha

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security