Self Stored Cross site scripting

XMLWordPrintable

    • Severity 3 - Minor

      NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report.

      Product: http://swag.atlassian.com
      Vulnerability Type: Self Stored Cross site scripting (Cross site scripting)
      Platform: Leaptop / PC
      URL: https://id.atlassian.com/profile/signUp.action?continue=http://swag.atlassian.com/Login.aspx
      OS/Version: Windows 7
      Browser: Mozilla Firefox (v 28)
      Status: NEW
      Severity: Major
      Reported By: eh.Yogendra@gmail.com

      Bug Description:
      Reproduce steps:
      1. Go to http://swag.atlassian.com & Create a Account.
      2. Redirect to this Link: https://id.atlassian.com/profile/signUp.action?continue=http://swag.atlassian.com/Login.aspx
      3. Fill the First name and Last name with Payload.
      4. "><img src=x onerror=prompt(1)>
      5. Login successfully then update Display name with "><img src=x onerror=prompt(1)>
      6. Now go to My Atlassian
      7. Payload executed.

        1. atlassian xss.png
          196 kB
          Yogendra Sharma

              Assignee:
              Unassigned
              Reporter:
              Yogendra Sharma
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: