Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 6.1.6, 6.2-OD-7
Affects Version/s: None
Component/s: Dashboard & Gadgets
Labels:
- cvss-high
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

Pie Chart and Heat Map have a persistent XSS vulnerability.

When HTML tag is stored as Custom Field name (e.g. <script>) then after configuring Pie Chart (or Heat Map) and pressing Save the gadget is not shown but stays at configuration state.

Only after refreshing the gadget displays information.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

PieChart.png
18/Dec/2013 11:00 PM
34 kB
Ignat
xss.png
18/Dec/2013 11:00 PM
157 kB
Ignat

relates to

JRACLOUD-36251 XSS in Pie Chart and Heat Map

Closed

clones: JDEV-21755 Loading...

mentioned in: Page Loading...

Testing discovered: JDEV-21449 Loading...

Assignee:: Oswaldo Hernandez (Inactive)

Reporter:: Ignat (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 18/Dec/2013 11:00 PM

Updated:: 15/Jan/2019 6:25 AM

Resolved:: 14/Jan/2014 4:25 AM

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates