Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 4.3
Affects Version/s: 4.2.1
Component/s: None
Labels:
- charlie
- cvss-high
- security
- xss

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Labels are not escaped when rendered in several resources and so are a persistent xss vector. Some example resources where this can be seen include: plan configuration, plan viewing, http://$host/bamboo/build/label/viewLabels.action and allPlans.action (as filter options). An example label which can be used to reproduce this issue is: "/><input>

Attachments

Issue Links

copied to: BDEV-1475 Loading...

Activity

People

Assignee:: Marek Went (Inactive)

Reporter:: David Black

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Oct/2012 4:09 AM

Updated:: 19/Aug/2019 2:02 AM

Resolved:: 26/Oct/2012 10:55 AM