Description
The REST service allows to replace placeholders in titles with information that is unaccessible by the authenticated user.
The service may reveal
- the title of the parent page,
- the name of the space the parent page is part of
- and the space key.
In order to get access to this information, the attacker needs to guess a valid page id in the space.
Attachments
Issue Links
- mentioned in
-
Page Loading...