Details
- Bug
- Resolution: Fixed
- Medium
- 5.0.3
- None
- 5
- 5
Description
The "User Dark Features" page located at $host/secure/ViewProfile.jspa?selectedTab=jira.user.profile.panels:up-darkfeatures-panel allows users to add dark features which only affect themselves. However, it is not protected against XSRF attacks. Note: the 'value' of dark features is not properly encoded when output into a JavaScript context (if one is to enter ' + eval(alert(1) ) + ' as a dark feature, then an alert dialogue with the number one in it will be shown on every page), so the impact of this vulnerability includes XSS.
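The encoding problem described above, as an added example that is not Jira's code: a stored value concatenated into a quoted JavaScript string next to the same value escaped for that context. The function names and the `var darkFeatures = ['...'];` template are assumptions, since the report does not show how the page renders the value.

```javascript
// Added example: all function names and the rendering template are hypothetical.

// Vulnerable pattern: the stored value is concatenated into a quoted JS string.
function renderNaive(feature) {
  return "var darkFeatures = ['" + feature + "'];";
}

// Escape for a JavaScript string literal inside an HTML <script> block.
// Every UTF-16 code unit outside a small allow-list becomes \uXXXX, which
// covers quotes, backslashes, line terminators and the "<" of "</script>".
function escapeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 _.,-]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

function renderEscaped(feature) {
  return "var darkFeatures = ['" + escapeJsString(feature) + "'];";
}

// Stand-in for the browser running the inline script: alert() is a stub that
// only records its arguments, and the resulting array is returned.
function runInPage(script) {
  const alertCalls = [];
  const run = new Function("alert", script + "\nreturn darkFeatures;");
  const darkFeatures = run((x) => { alertCalls.push(x); });
  return { alertCalls, darkFeatures };
}

const reported = "' + eval(alert(1) ) + '"; // value quoted in the report

for (const [name, render] of [["naive", renderNaive], ["escaped", renderEscaped]]) {
  const script = render(reported);
  const result = runInPage(script);
  console.log(name, "|", script);
  console.log("  alert calls:", result.alertCalls.length,
              "| stored value intact:", result.darkFeatures[0] === reported);
}
```

Escaping at output fixes only the script-context half of the report; the missing XSRF protection on the form that stores the value is a separate defect.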
Issue Links
- details: JRASERVER-28154 Javascript escape the value of "dark features" within the javascript context they are rendered out in (Closed)