Jira Data Center / JRASERVER-31564

XSS vulnerability on the Delete Project Role Page

Details

    • Bug
    • Resolution: Fixed
    • Low
    • 6.0-OD-09
    • None
    • None

    Description

      NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

      Steps to Reproduce:

      1. Log in as admin and navigate to the user management page.
      2. Click on Roles in the left side menu.
      3. Create a role like Users <script>alert(123)</script>
      4. Click on the delete link corresponding to that user.

      See attached video

      Attachments

        1. deleteprojectrole.png
          22 kB
        2. XSS.swf
          393 kB

            People

              mhenderson Marty Henderson (Inactive)
              scurtis Sean Curtis (Inactive)