Reflected XSS in Create Issue Details page

XMLWordPrintable

    • 6.8

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      (filed by vosipov on behalf of a customer) See the original issue. According to my testing a custom field of type "datepicker" accepts any text, including script and will reflect it back unfiltered in case of an error on the page (e.g. not all fields filled in).

      Tested on the latest OnDemand instance. Sample code after injection into customfield_10102

       <div class="field-group aui-field-datepicker" >
                  <label for="customfield_10102">datepicker</label>
                  <input class="text medium-field datepicker-input" id="customfield_10102" name="customfield_10102" type="text" value=">">
                  <script>alert(xss)</script>
                  <"" />
                  <a href="#" id="customfield_10102-trigger" title="Select a date">
                    <span class="aui-icon icon-date">Select a date</span>
                  </a>

        1. Screen Shot 2013-02-15 at 5.07.05 PM.png
          343 kB

            Assignee:
            Eric Dalgliesh
            Reporter:
            Xsite GmbH
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: