Jira Data Center / JRASERVER-34074

XSS Vulnerability - delete filter confirmation

Details

    Description

      NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

      Similar to JRA-31564, an XSS bug exists in the delete filter success screen.

      Steps to reproduce:

      1. Search for issues.
      2. Choose "Save as", enter "><script>alert(document.cookie)</script> for the name.
      3. Delete the filter.

      See attached screenshots.
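
Added example, not part of the original report and not Jira's own code: a regression check for this class of bug, using the filter name from step 2. The confirmation markup and the function names are assumptions made for illustration, since the report does not show Jira's template.

```javascript
// Hypothetical markup: the real Jira template is not shown in the report.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: the filter name is concatenated into an attribute and into body text.
function renderDeleteConfirmationUnsafe(filterName) {
  return `<div class="msg" title="${filterName}">Filter ${filterName} deleted.</div>`;
}

// Hardened form: same markup, with the name encoded at each point of output.
function renderDeleteConfirmationSafe(filterName) {
  const safe = escapeHtml(filterName);
  return `<div class="msg" title="${safe}">Filter ${safe} deleted.</div>`;
}

function countChar(text, ch) {
  return text.split(ch).length - 1;
}

// Structural check: the template itself emits exactly two '<' (open and close div)
// and four '"' (two quoted attributes). Any extra means the name changed the markup.
function nameStaysInert(html) {
  return countChar(html, "<") === 2 && countChar(html, '"') === 4;
}

// Filter name taken from step 2 of the report.
const REPORTED_NAME = '"><script>alert(document.cookie)</script>';

console.log("unsafe render inert:", nameStaysInert(renderDeleteConfirmationUnsafe(REPORTED_NAME)));
console.log("safe render inert:  ", nameStaysInert(renderDeleteConfirmationSafe(REPORTED_NAME)));
```

The same check belongs on every screen that echoes the filter name, since the report notes a similar bug in JRA-31564.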

      Attachments

        1. JiraXss1.png (106 kB)
        2. jiraXss2.png (118 kB)
        3. jiraXss3.png (247 kB)

            People

              rtekhov Roman Tekhov (Inactive)
              2b8a4cc630b8 Beau Taub