The vulnerability is due to how Handy-link functionality is implemented in Stiltsoft Handy-link Handy-link functionality is provided by the Stiltsoft Handy-link plugin for Confluence Server/Data Center. In Stiltsoft Handy-link, the Handy-link macro is used to embed a link. The link is stored in a variable, which could be accessed by an attacker by injecting JavaScript code into a page. An attacker could use this vulnerability to create a link that would run script code on the attacker’s website, which could lead to information disclosure, session hijacking, or other actions on the target’s website. The Handy-link plugin is not the only plugin that allows this type of link.

Vulnerability overview:

Handy-link functionality is provided by the Stiltsoft Handy-link plugin for Confluence Server/Data Center. In Stiltsoft Handy-link, the Handy-link macro is used to embed a link. The link is stored in a variable, which could be accessed by an attacker by injecting JavaScript code into a page. An attacker could use this vulnerability to create a link that would run script code on the attacker’s website, which could lead to information disclosure, session hijacking, or other actions on the target’s website.

Vulnerability overview

The vulnerability allows an attacker to inject JavaScript code into a page and create a link that would run script code on the attacker’s website. This could lead to information disclosure, session hijacking, or other actions on the target’s website. The vulnerability is due to how Handy-link functionality is implemented in Stiltsoft Handy-link.

Vulnerability Finding Steps

The vulnerability was found by a security researcher who used the WordPress plugin RedirectChecker to detect potentially malicious redirects. The researcher then manually inspected the source code of all plugins listed in the plugin repository, and found Stiltsoft Handy-link.

Timeline

Published on: 11/04/2022 07:15:00 UTC
Last modified on: 12/07/2022 19:15:00 UTC

References