[JRASERVER-10542] Request parameters are not HTML encoded on the 500 page

Type: Bug
Resolution: Fixed
Priority: High (View bug fix roadmap)
Fix Version/s: 3.6.3
Affects Version/s: 3.6.2
Component/s: None
Labels:
- affects-server

Introduced in Version:
3.06
Bug Fix Policy:
View Atlassian Server bug fix policy

The 500 page in JIRA lists the request parameters, but does not HTML encode them. This can lead to cross site scripting.

Nick Menere [Atlassian] (Inactive) added a comment - 17/Aug/2006 2:32 AM

This was reported on Secunia and has since been resolved. This XSS iss ue is no longer an issue.

Cheers,
Nick

Nick Menere [Atlassian] (Inactive) added a comment - 17/Aug/2006 2:32 AM This was reported on Secunia and has since been resolved. This XSS iss ue is no longer an issue. Cheers, Nick

Sam Chang [Atlassian] added a comment - 05/Jul/2006 6:05 AM

html encoded the request parameters on the 500 page

Sam Chang [Atlassian] added a comment - 05/Jul/2006 6:05 AM html encoded the request parameters on the 500 page

Assignee:: Sam Chang [Atlassian]

Reporter:: AntonA

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 05/Jul/2006 2:45 AM

Updated:: 27/Mar/2019 11:50 PM

Resolved:: 05/Jul/2006 6:05 AM

Details

Description

Attachments

Forms

Activity

Collapse comment: Nick Menere [Atlassian] (Inactive) added a comment - 17/Aug/2006 2:32 AM

Expand comment: Nick Menere [Atlassian] (Inactive) added a comment - 17/Aug/2006 2:32 AM

Collapse comment: Sam Chang [Atlassian] added a comment - 05/Jul/2006 6:05 AM

Expand comment: Sam Chang [Atlassian] added a comment - 05/Jul/2006 6:05 AM

People

Dates