Details
-
Bug
-
Resolution: Fixed
-
High
Description
NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.
Pie Chart and Heat Map have a persistent XSS vulnerability.
When HTML tag is stored as Custom Field name (e.g. <script>) then after configuring Pie Chart (or Heat Map) and pressing Save the gadget is not shown but stays at configuration state.
Only after refreshing the gadget displays information.
Attachments
Issue Links
- is related to
-
JRASERVER-36251 XSS in Pie Chart and Heat Map
- Closed