Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Fix
Priority: Low
Fix Version/s: None
Affects Version/s: 5.0, 4.4.5, 6.0, 7.0.10
Component/s: Issue - View Issue
Labels:

Introduced in Version:
4.04
Support reference count:
2
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

It is possible for the "Add Watcher" dialog on the view issue page to suggest a user that cannot watch the issue. The client will render an error saying the user cannot be added. JIRA should not show users that cannot be added.

Restore JIRA QA data.
Goto an issue XSS-21.
Try and add "<script>alert(document.cookie)</script>" as watcher.
(BUG) You will get an error saying that the user cannot see the issue.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: bain

Votes:: 2 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 12/Jul/2013 8:17 AM

Updated:: 29/Jul/2022 11:47 AM

Resolved:: 29/Jul/2022 11:47 AM