XSS vulnerability in chart saving

XMLWordPrintable

    • 5.02
    • 6

      1. Create a new dashboard with the name <script>alert("XSS")</script>
      2. Go to the issue navigator and perform a search
      3. Choose Views -> charts -> Save to dashboard

      This is because portal.name is unescaped in savetodashboard.vm.

      Tested in OnDemand and BTF.

              Assignee:
              Eric Dalgliesh
              Reporter:
              Karla Burnett [Atlassian]
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: