Persistent XSS within build and plan labels


Labels are not escaped when rendered in several resources and so are a persistent XSS vector. Some example resources where this can be seen include: plan configuration, plan viewing, http://$host/bamboo/build/label/viewLabels.action and allPlans.action (as filter options). An example label which can be used to reproduce this issue is: "/><input>

Assignee: Marek Went (Inactive)
Reporter: David Black
Votes: 0
Watchers: 2

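A regression check for the behaviour reported above, added here as an example and not taken from Bamboo's code: it renders the reported label with and without output encoding, then parses the result to see whether the label stays data or becomes markup. The `<a>` markup and all function names are assumptions made for the illustration.

```python
import html
from html.parser import HTMLParser

# Label taken from the report above. The <a> markup is a constructed stand-in
# for a label template, not Bamboo's real markup.
REPORTED_LABEL = '"/><input>'


def render_unescaped(label):
    """Vulnerable pattern: the stored label is interpolated raw."""
    return '<a class="label" title="' + label + '">' + label + '</a>'


def render_escaped(label):
    """Hardened pattern: HTML-encode on output; quote=True also covers attributes."""
    safe = html.escape(label, quote=True)
    return '<a class="label" title="' + safe + '">' + safe + '</a>'


class _Collector(HTMLParser):
    """Records every start tag, every title attribute and all text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.titles, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.titles.extend(value for name, value in attrs if name == "title")

    def handle_data(self, data):
        self.text.append(data)


def parse_fragment(markup):
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.titles, "".join(collector.text)


def label_is_inert(render, label):
    """True when the label adds no elements and survives as plain data."""
    tags, titles, text = parse_fragment(render(label))
    return tags == ["a"] and titles == [label] and text == label


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        print(render.__name__, label_is_inert(render, REPORTED_LABEL))
```

The same check can be pointed at the output of each affected view (plan configuration, plan viewing, viewLabels.action, allPlans.action) to confirm that every render path encodes labels.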