Description
NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.
An XSS vulnerability was found when creating a project and board in JAG on On Demand with scripts in the board name and project name.
Steps to reproduce:
- Click on Agile > Getting Started
- Click on Create a new board button
- Select "New project and a new board"
- Enter an XSS string (e.g. <script>alert(1)</script>) in Project name. Fill in all the other fields with any values
- Select Agile Simplified Workflow (recommended)
- When the dialog "Creating and linking companions for your JIRA project" is rendered, you'll get the alert
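The behaviour in the steps above is what happens when the project and board names reach the dialog markup without output encoding. The following is an added example, not Atlassian's code or part of the original report: the renderer functions, the markup and the `findUnencoded` check are hypothetical, and the second sample name is constructed.

```javascript
// Added example: hypothetical dialog renderer, not JIRA's actual implementation.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: user-controlled names are concatenated straight into markup.
function renderDialogUnsafe(projectName, boardName) {
  return '<div class="dialog" title="' + boardName + '">' +
    '<p>Creating and linking companions for your JIRA project ' + projectName + '</p></div>';
}

// Hardened form: every user-controlled value is encoded at the point of output.
function renderDialogSafe(projectName, boardName) {
  return '<div class="dialog" title="' + escapeHtml(boardName) + '">' +
    '<p>Creating and linking companions for your JIRA project ' + escapeHtml(projectName) + '</p></div>';
}

// Inputs for the regression check.
const SAMPLE_NAMES = [
  '<script>alert(1)</script>', // string from the report
  'Tom & "Jerry" <QA>',        // constructed: legitimate name with special characters
];

// Regression check: return every sample name that appears unencoded in the output
// when used as both project name and board name.
function findUnencoded(render) {
  return SAMPLE_NAMES.filter((name) =>
    /[&<>"']/.test(name) && render(name, name).includes(name));
}

console.log('unsafe renderer leaks:', findUnencoded(renderDialogUnsafe));
console.log('safe renderer leaks:  ', findUnencoded(renderDialogSafe));
```

A check like `findUnencoded` fits in the unit tests of whatever component builds the dialog, so a later template change that drops the encoding fails the build.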
Issue Links
- is related to JRASERVER-36233 XSS in Create Project dialog (Closed)