Details
-
Bug
-
Resolution: Fixed
-
High
-
None
Description
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
Pie Chart and Heat Map have a persistent XSS vulnerability.
When HTML tag is stored as Custom Field name (e.g. <script>) then after configuring Pie Chart (or Heat Map) and pressing Save the gadget is not shown but stays at configuration state.
Only after refreshing the gadget displays information.
Attachments
Issue Links
- relates to
-
JRACLOUD-36251 XSS in Pie Chart and Heat Map
- Closed
- clones
-
JDEV-21755 Loading...
- mentioned in
-
Page Loading...
- Testing discovered
-
JDEV-21449 Loading...