Problem
The Full Name field of a user profile is output without HTML escaping when it is displayed, so a crafted full name can be used for cross-site scripting (XSS) against anyone who views a page that renders it.
Solution
The problem was unescaped output of the full name; wrapping each such output in $generalUtil.htmlEncode() resolves it. The vast majority of the problem can be fixed by changing /confluence/template/includes/macros.vm in the distribution on the following lines:
- 180
- 186
- 200
- 340
- 893
I have attached the modified macros.vm file here which you can copy into your distribution.
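As an added illustration of the pattern behind the fix (this is not the page's own code, not Atlassian's, and not the contents of the attached macros.vm), the vulnerable Velocity output is shown beside its hardened form. The variable name $user.fullName and the surrounding markup are assumptions standing in for whatever macros.vm actually references at the affected lines; only $generalUtil.htmlEncode() comes from the page.

```velocity
## Added example, not code from the page or from Atlassian. $user.fullName and
## the <span> markup are assumed names for what macros.vm references.

## Vulnerable pattern: the value is emitted verbatim, so a full name set to
## <script>alert(1)</script> is parsed by the browser as live markup.
<span class="fullname">$user.fullName</span>

## Hardened pattern: the value is HTML-encoded at the point of output, so the
## same full name reaches the browser as the literal text
## &lt;script&gt;alert(1)&lt;/script&gt; and is displayed rather than executed.
<span class="fullname">$generalUtil.htmlEncode($user.fullName)</span>
```

HTML encoding is the correct defence only where the value lands in element content or a quoted attribute value. If any of the affected lines places the full name inside a JavaScript string, an event-handler attribute or a URL, htmlEncode() alone is not sufficient and an encoder for that context is needed as well; check each of the listed lines for where the value is actually emitted rather than applying the wrapper mechanically.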
Scope
There are other places which are still affected, and Atlassian have been made aware of them; a complete resolution should be provided by Atlassian in their own official advisory.
I hope this helps some of you!