Jira Data Center - JRASERVER-35569

XSS vulnerability in JIRA description field


    Description

      Using a link like:

      https://x.x.com/x=[# please click here onmousemove=alert(1) _]

      shows a serious XSS vulnerability - using error correction in browsers (Firefox 24) - in the JIRA description field (and most likely every other wiki-style rendered field).

      Example:
      https://x.x.com/x=[# please click here onmousemove=alert(1) _]

      Please fix ASAP. For further information please contact me.

      Cheers
      Kai
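The attribute-injection pattern the report describes, as an added example that is not part of the original issue or of Jira's code: a hypothetical minimal renderer for the `[#...]` anchor syntax, assumed to emit the anchor name as an unquoted attribute (the browser error-correction path the report mentions), beside a hardened version that quotes and entity-encodes the value. Python's lenient `html.parser` stands in for the browser to show which attributes each output actually yields.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample input: the wiki-style markup quoted in the report.
REPORTED_MARKUP = "https://x.x.com/x=[# please click here onmousemove=alert(1) _]"

# Hypothetical renderer for the "[#...]" anchor syntax (an assumed shape,
# not Jira's real renderer): the text between "[#" and "]" is the anchor name.
ANCHOR_RE = re.compile(r"\[#([^\]]*)\]")


def render_unsafe(text):
    """Emits the anchor name as an unquoted, unescaped attribute value.
    A forgiving HTML parser splits the value on whitespace, so the
    'onmousemove=alert(1)' fragment becomes an attribute of its own."""
    return ANCHOR_RE.sub(lambda m: f"<a name={m.group(1).strip()}></a>", text)


def render_safe(text):
    """Quotes the attribute and entity-encodes the value, so the whole
    string stays a single attribute value whatever it contains."""
    return ANCHOR_RE.sub(
        lambda m: f'<a name="{html.escape(m.group(1).strip(), quote=True)}"></a>',
        text,
    )


class AttrCollector(HTMLParser):
    """Records every attribute name the lenient parser recovers from start tags."""

    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        self.attrs.extend(name for name, _ in attrs)


def event_handler_attrs(markup):
    """Returns the on* (event handler) attribute names found in rendered markup;
    an empty list means no handler survived rendering."""
    parser = AttrCollector()
    parser.feed(markup)
    return [name for name in parser.attrs if name.startswith("on")]
```

Running `event_handler_attrs` over both renderings of `REPORTED_MARKUP` is the check a fix for this class of bug should ship with: the unquoted output yields an `onmousemove` attribute, the encoded output yields none.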

            People

              ohernandez@atlassian.com Oswaldo Hernandez (Inactive)
              4022a846e2fa Kai Gottschalk