Cross-Site Scripting leak in Highlight Search Result

The Highlight Search Results plugin, made by codecentric AG, has a cross-site scripting leak. Wonder how these add-ons are tested before they appear in the marketplace?

Our security testing team assesses each new add-on before we start using it and was able to use cross-scripting in this plugin.

1 answer

Hello Hans,

Our security team is investigating right now and we'll fix this issue as soon as possible.

To address the affected customers, we additionally reported a security incident to Atlassian.

Thank you again for letting us know.

Best regards
Sascha (codecentric AG)

A quick update from our side:

There was indeed an XSS vulnerability, where encoded script code on a page could be activated by navigating to that page after a search with highlighted search terms. A direct script injection was never possible though.

We released a fix last week.

Best regards
Sascha
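
An added illustration, not part of the thread and not codecentric's code, of the general bug class the update describes: a highlighter that decodes stored, entity-encoded text to match search terms and then emits the result as markup without re-encoding it. The function names and the sample string are constructed, and the decode-then-emit mechanism is an assumption; the thread does not say how the plugin was implemented.

```javascript
// Constructed illustration of the bug class; not the plugin's code.
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => ({
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
}[c]));

// Minimal decoder for the five entities above; &amp; goes last to avoid double decoding.
const decodeEntities = (s) => s
  .replace(/&lt;/g, "<").replace(/&gt;/g, ">")
  .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
  .replace(/&amp;/g, "&");

// Treat the search term as a literal, never as a pattern.
const termRegex = (term) =>
  term ? new RegExp(term.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"), "gi") : null;

// Flawed: matches on the decoded text and returns it as markup, so text that
// was safely stored as "&lt;script&gt;" comes back as a live "<script>" tag.
function highlightUnsafe(storedText, term) {
  const text = decodeEntities(storedText);
  const re = termRegex(term);
  return re ? text.replace(re, (m) => `<mark>${m}</mark>`) : text;
}

// Hardened: still matches on decoded text (so terms match what the reader sees),
// but every segment, including the matched one, is re-encoded on output.
function highlightSafe(storedText, term) {
  const text = decodeEntities(storedText);
  const re = termRegex(term);
  if (!re) return escapeHtml(text); // empty term: nothing to highlight
  let out = "";
  let last = 0;
  for (const m of text.matchAll(re)) {
    out += escapeHtml(text.slice(last, m.index)) + `<mark>${escapeHtml(m[0])}</mark>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Constructed sample: page text in which markup was typed as text and stored encoded.
const stored = "Release notes &lt;script&gt;alert(1)&lt;/script&gt; for search";
console.log(highlightUnsafe(stored, "search"));
console.log(highlightSafe(stored, "search"));
```

The only markup the hardened version ever emits is the `<mark>` wrapper it builds itself; everything that came from the page or from the search term passes through `escapeHtml` first.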
