Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-31564

XSS vulnerability on the Delete Project Role Page

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Low Low
    • None

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      Steps to Reproduce:

      1. Login as admin and navigate to user management page.
      2. Click on Roles in the left side menu
      3. Create a roles like Users <script>alert(123)</script>
      4. Click on the delete link corresponding to that user.

      See attached video

        1. deleteprojectrole.png
          22 kB
        2. XSS.swf
          393 kB

            mhenderson Marty Henderson (Inactive)
            scurtis Sean Curtis (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: