  1. Jira Cloud
  2. JRACLOUD-36251

XSS in Pie Chart and Heat Map


Details

    Description

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      Pie Chart and Heat Map have a persistent XSS vulnerability.

      When an HTML tag is stored as a Custom Field name (e.g. <script>), then after configuring a Pie Chart (or Heat Map) and pressing Save, the gadget is not shown but stays in the configuration state.

      Only after refreshing does the gadget display information.

      Attachments

        1. PieChart.png
          34 kB
        2. xss.png
          157 kB

            People

              ohernandez@atlassian.com Oswaldo Hernandez (Inactive)
              ialexeyenko Ignat (Inactive)
              Votes: 0
              Watchers: 4
