Reflected XSS in Create Issue Details page

XMLWordPrintable

    • 6.8

      NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

      (filed by vosipov on behalf of a customer) See the original issue. According to my testing a custom field of type "datepicker" accepts any text, including script and will reflect it back unfiltered in case of an error on the page (e.g. not all fields filled in).

      Tested on the latest OnDemand instance. Sample code after injection into customfield_10102

       <div class="field-group aui-field-datepicker" >
                  <label for="customfield_10102">datepicker</label>
                  <input class="text medium-field datepicker-input" id="customfield_10102" name="customfield_10102" type="text" value=">">
                  <script>alert(xss)</script>
                  <"" />
                  <a href="#" id="customfield_10102-trigger" title="Select a date">
                    <span class="aui-icon icon-date">Select a date</span>
                  </a>

        1. Screen Shot 2013-02-15 at 5.07.05 PM.png
          343 kB
          VitalyA

              Assignee:
              Eric Dalgliesh
              Reporter:
              Xsite GmbH
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: