-
Bug
-
Resolution: Fixed
-
High
-
5.2-m05, 5.2
-
None
-
5.02
-
6.8
-
The Create Issue Detail page is vulnerable to reflected XSS.
1. Login to https://$JIRA/
2. Visit https://$JIRA/secure/CreateIssueDetails.jspa?reporter="><script>alert('XSS')<%2Fscript><p+name%3D"&pid=10000&issuetype=2
3. Accept XSRF token warning
For example, https://volcano.jira-dev.com/secure/CreateIssueDetails.jspa?reporter="><script>alert('XSS')<%2Fscript><p+name%3D"&pid=10000&issuetype=2
- was cloned as
-
-
- Closed
-
