XSS Vulnerability - delete filter confirmation


      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      Similar to JRA-31564, an XSS bug exists in the delete filter success screen.

      Steps to reproduce:

      1. Search for issues.
      2. Choose "Save as", enter "><script>alert(document.cookie)</script> for the name.
      3. Delete the filter.

      See attached screenshots.

        1. jiraXss3.png
          247 kB
        2. jiraXss2.png
          118 kB
        3. JiraXss1.png
          106 kB
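The fix class for this report is output encoding of the stored filter name where the confirmation screen renders it. The sketch below is an added example, not JIRA's code: the markup, the class name and all function names are hypothetical, and it assumes the name is written into a double-quoted attribute and into element text.

```javascript
// Added example: markup, class name and function names are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the stored filter name is concatenated into the markup as-is.
function renderDeletedUnsafe(filterName) {
  return `<div class="message"><span title="${filterName}">Filter ${filterName} deleted.</span></div>`;
}

// After: the name is encoded at the point of output, in both contexts.
function renderDeletedSafe(filterName) {
  const name = escapeHtml(filterName);
  return `<div class="message"><span title="${name}">Filter ${name} deleted.</span></div>`;
}

// Names of the elements opened in a fragment, in document order.
function tagNames(html) {
  return Array.from(html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g), (m) => m[1].toLowerCase());
}

// Regression check: a filter name must never change the element structure.
function structureIsStable(render, filterName) {
  const baseline = tagNames(render("My filter")).join(",");
  return tagNames(render(filterName)).join(",") === baseline;
}

// The filter name from step 2 of the report.
const REPORTED_NAME = '"><script>alert(document.cookie)</script>';

console.log("unsafe stable:", structureIsStable(renderDeletedUnsafe, REPORTED_NAME));
console.log("safe stable:  ", structureIsStable(renderDeletedSafe, REPORTED_NAME));
console.log(renderDeletedSafe(REPORTED_NAME));
```

The structure check can run as a regression test against every screen that displays a filter name, including success and confirmation pages.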

            Assignee: Roman Tekhov (Inactive)
            Reporter: Beau Taub
            Votes: 0
            Watchers: 3
