Details
- Bug
- Resolution: Fixed
- High
- 5.1.8, 5.2
- None
- 5.01
- 7.5
Description
Hi Atlassian!
There is an XSS vulnerability in the issue collector:
File: /atlassian-jira-5.1.8-source/jira-issue-collector-plugin/src/main/resources/templates/view-collector.vm
Line 82: <td class="nav summary"><a href="${baseurl}/browse/${issue.key}">${issue.summary}</a>
Anonymous users can inject JS in the issue summary which usually will be executed by users with extended permissions.
Best regards,
Conrad
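
The following is an added example, not part of the original report and not Atlassian's code or fix: it renders the reported template line once without output encoding and once with HTML encoding, and lists the bare references a template review should check. The renderer is a simplified stand-in for Velocity substitution; `render`, `unencoded_refs`, the `trusted` list and the sample context values are assumptions made for illustration.

```python
import html
import re

# Line 82 of view-collector.vm, as quoted in the report above.
TEMPLATE_LINE = ('<td class="nav summary"><a href="${baseurl}/browse/${issue.key}">'
                 '${issue.summary}</a>')

# Matches bare ${name} or ${obj.prop} references (no method call around them).
REF = re.compile(r"\$\{([A-Za-z_][\w.]*)\}")


def render(template, context, encode):
    """Substitute ${...} references; HTML-encode each value when encode is True."""
    def substitute(match):
        value = str(context[match.group(1)])
        return html.escape(value, quote=True) if encode else value
    return REF.sub(substitute, template)


def unencoded_refs(template, trusted=("baseurl",)):
    """Return bare ${...} references, other than trusted names, for review."""
    return [m.group(1) for m in REF.finditer(template)
            if m.group(1) not in trusted]


# Constructed sample data: the summary stands for text an anonymous
# submitter controls; host name and issue key are placeholders.
CONTEXT = {
    "baseurl": "https://jira.example.test",
    "issue.key": "DEMO-1",
    "issue.summary": "<script>alert(1)</script>",
}

RAW = render(TEMPLATE_LINE, CONTEXT, encode=False)   # markup reaches the page
SAFE = render(TEMPLATE_LINE, CONTEXT, encode=True)   # markup shown as text

if __name__ == "__main__":
    print("unencoded:", RAW)
    print("encoded:  ", SAFE)
    print("review:   ", unencoded_refs(TEMPLATE_LINE))
```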