-
Type:
Bug
-
Resolution: Fixed
-
Priority:
High
-
Affects Version/s: 5.2-m05, 5.2
-
Component/s: None
-
5.02
-
6.8
The Create Issue Detail page is vulnerable to reflected XSS.
1. Login to https://$JIRA/
2. Visit https://$JIRA/secure/CreateIssueDetails.jspa?reporter="><script>alert('XSS')<%2Fscript><p+name%3D"&pid=10000&issuetype=2
3. Accept XSRF token warning
For example, https://volcano.jira-dev.com/secure/CreateIssueDetails.jspa?reporter="><script>alert('XSS')<%2Fscript><p+name%3D"&pid=10000&issuetype=2
- was cloned as
-
-
- Closed
-
