Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 5.5.3
Affects Version/s: 5.5
Component/s: None
Labels:

CVSS Score:
6.5
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

This is from an external report. Creating a user with username:

"><img src=x onerror=prompt(1)>

and returning to the dashboard will demonstrate the script injection. This PoC will not work in Chrome/Chromium, but will in Firefox and other browsers that do not have such protective measures.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

Delete_Space.png
147 kB
03/Jun/2014 4:25 AM
demo.png
271 kB
19/May/2014 3:49 AM

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Vu Truong Vo (Inactive)

Reporter:: Yogendra Sharma

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 19/May/2014 3:12 AM

Updated:: 11/Oct/2018 8:48 AM

Resolved:: 05/Jun/2014 11:04 AM