XSS vulnerability in source tab configure project

XMLWordPrintable

    • 6

      1. Create a new group named "><script>alert("XSS")</script>
      2. In the OnDemand administration section click Fisheye, then Configure to the right of the project name

      This vulnerability is due to an unescaped group.name parameter in projectrepositorypermissions.vm

      e.g. https://iceberg.jira-dev.com/secure/admin/ProjectRepositoryPermissions.jspa?repositoryKey=SCR

      Note that this issue is about a different template to JRA-29686.

              Assignee:
              Eric Dalgliesh
              Reporter:
              Karla Burnett [Atlassian]
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: