  1. Jira Cloud
  2. JRACLOUD-31564

XSS vulnerability on the Delete Project Role Page

Details

    • Bug
    • Resolution: Fixed
    • Low
    • None

    Description

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      Steps to Reproduce:

      1. Log in as admin and navigate to the user management page.
      2. Click on Roles in the left side menu.
      3. Create a role like Users <script>alert(123)</script>
      4. Click on the delete link corresponding to that user.

      See attached video

      Attachments

        1. deleteprojectrole.png
          22 kB
          Maciej Nowakowski
        2. XSS.swf
          393 kB
          Sean Curtis
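
The steps above store markup in a role name, which the delete page then echoes back. The following is an added example, not code from the report or from Atlassian: it renders a delete-role confirmation without output encoding and then with it, covering both the text and the attribute context. The function names, the form markup, the `/roles/delete` path and the role id are assumptions made for illustration.

```javascript
// Added illustration: hypothetical renderer for a "delete project role"
// confirmation page. Names, markup and paths are assumptions, not Jira's code.

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Before: the stored role name is concatenated into the page unencoded,
// so any markup saved at role-creation time is parsed by the browser.
function renderDeleteRoleUnsafe(role) {
  return '<form action="/roles/delete" method="post">' +
    '<p>Delete project role: ' + role.name + '?</p>' +
    '<input type="hidden" name="name" value="' + role.name + '">' +
    '<button type="submit">Delete</button></form>';
}

// After: the name is encoded at output time in every place it is written,
// both as element text and inside the quoted attribute value.
function renderDeleteRoleSafe(role) {
  const name = escapeHtml(role.name);
  return '<form action="/roles/delete" method="post">' +
    '<p>Delete project role: ' + name + '?</p>' +
    '<input type="hidden" name="name" value="' + name + '">' +
    '<button type="submit">Delete</button></form>';
}

// Regression check: true when a name containing markup characters
// appears verbatim (unencoded) in the rendered page.
function containsRawMarkup(html, name) {
  return /[<>"']/.test(name) && html.includes(name);
}

// Role name taken from the reproduction steps; the id is a constructed value.
const sampleRole = { id: 10002, name: 'Users <script>alert(123)</script>' };

console.log(containsRawMarkup(renderDeleteRoleUnsafe(sampleRole), sampleRole.name));
console.log(containsRawMarkup(renderDeleteRoleSafe(sampleRole), sampleRole.name));
```

A check like `containsRawMarkup` can run in a page-rendering test for every screen that displays a role name, since the create and list pages can encode correctly while a less-used page such as delete does not.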

            People

              mhenderson Marty Henderson (Inactive)
              scurtis Sean Curtis (Inactive)
              Votes: 0
              Watchers: 7

              Dates

                Created:
                Updated:
                Resolved: