Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 6.1.6, 6.2-OD-7
Affects Version/s: None
Component/s: Dashboard & Gadgets
Labels:
- cvss-high
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

Pie Chart and Heat Map have a persistent XSS vulnerability.

When HTML tag is stored as Custom Field name (e.g. <script>) then after configuring Pie Chart (or Heat Map) and pressing Save the gadget is not shown but stays at configuration state.

Only after refreshing the gadget displays information.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

PieChart.png
34 kB
18/Dec/2013 11:00 PM
xss.png
157 kB
18/Dec/2013 11:00 PM

Issue Links

relates to

JRACLOUD-36251 XSS in Pie Chart and Heat Map

Closed

clones: JDEV-21755 Loading...

mentioned in: Page Loading...

Testing discovered: JDEV-21449 Loading...

Activity

People

Assignee:: Oswaldo Hernandez (Inactive)

Reporter:: Ignat (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Dec/2013 11:00 PM

Updated:: 15/Jan/2019 6:25 AM

Resolved:: 14/Jan/2014 4:25 AM