Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Component/s: Administration - System - General Configuration
Labels:

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Cloud bug fix policy

NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

Jira Admins can create a persistant XSS on the Incoming Mail configuration page.

When the value

"><script>alert(1)</script>

is inserted into the Witelisted Domain field on the page

/secure/admin/IncomingMailServers.jspa

The javascript persists and executes on page load.

This was tested on Jira version v7.1.9#71013-sha1:1aa0586

is related to

JRASERVER-61963 XSS in Mail Whitelist Field

Closed

relates to: HELIX-462 Loading...

Assignee:: Oswaldo Hernandez (Inactive)

Reporter:: Alek Amrani (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Due:: 13/Sep/2016

Created:: 19/Jul/2016 7:11 PM

Updated:: 15/Aug/2019 5:39 AM

Resolved:: 14/Sep/2016 4:11 AM