Details
-
Bug
-
Resolution: Fixed
-
High
-
5.2-m05, 5.2
-
None
-
5.02
-
6.8
-
Description
The Create Issue Detail page is vulnerable to reflected XSS.
1. Login to https://$JIRA/
2. Visit https://$JIRA/secure/CreateIssueDetails.jspa?reporter="><script>alert('XSS')<%2Fscript><p+name%3D"&pid=10000&issuetype=2
3. Accept XSRF token warning
For example, https://volcano.jira-dev.com/secure/CreateIssueDetails.jspa?reporter="><script>alert('XSS')<%2Fscript><p+name%3D"&pid=10000&issuetype=2
Attachments
Issue Links
- was cloned as
-
JRASERVER-31709 Reflected XSS in Create Issue Details page
- Closed