Details
- Bug
- Resolution: Fixed
- Medium
- 6.1.2, 6.1.4
- None
- 6.01
- 6.8
Description
In the createIE function inside dhtmlHistory.js, the value of the fragment identifier is concatenated into the HTML of an iframe without first being HTML-escaped or URL-encoded. This results in a DOM XSS that is exploitable in Internet Explorer.
Steps to reproduce:
1. Create a project named 'testproject' that has a key of 'TESTP'
2. In Internet Explorer, go to https://$jiradomain/$contextpath/browse/TESTP#src="/></iframe><script>alert(3);</script>
3. If an alert prompt containing the number 3 does not appear, try refreshing the page.
4. Observe an alert prompt containing the number 3 is shown.
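The pattern named in the description, as an added example (not the code from dhtmlHistory.js): the iframe markup, the `blank.html` src and all function names are assumptions for illustration. It puts the plain concatenation beside a version that URL-encodes and then HTML-escapes the fragment, and counts the elements each resulting markup string would open, using the fragment from step 2 as input.

```javascript
// Added illustration. The markup and names below are hypothetical,
// not taken from dhtmlHistory.js.

// Fragment from step 2 of the reproduction steps (text after the '#').
const PAGE_FRAGMENT = 'src="/></iframe><script>alert(3);</script>';

// Pattern described in the issue: the fragment is concatenated straight
// into the iframe HTML, so a double quote ends the src attribute early.
function buildIframeHtmlUnsafe(fragment) {
  return '<iframe id="historyFrame" style="display:none" src="blank.html?' +
    fragment + '"></iframe>';
}

// Escape characters that can terminate an attribute value or open a tag.
function escapeHtmlAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => '&#' + c.charCodeAt(0) + ';');
}

// Hardened form: URL-encode for the query-string context first, then
// HTML-escape for the attribute context the value is written into.
function buildIframeHtmlSafe(fragment) {
  return '<iframe id="historyFrame" style="display:none" src="blank.html?' +
    escapeHtmlAttr(encodeURIComponent(fragment)) + '"></iframe>';
}

// Regression check: count element start tags in the generated markup.
// Correct output opens exactly one element, the iframe itself.
function countOpenedElements(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

function demo() {
  return {
    unsafe: countOpenedElements(buildIframeHtmlUnsafe(PAGE_FRAGMENT)),
    safe: countOpenedElements(buildIframeHtmlSafe(PAGE_FRAGMENT)),
  };
}

console.log(demo());
```

Where the surrounding code allows it, creating the iframe with `document.createElement` and assigning `src` as a property avoids building markup from strings at all.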
Issue Links
- relates to JRASERVER-27704 Remove /includes/blank.html (Closed)