Details
- Bug
- Resolution: Fixed
- Highest
- 6.0.5
- 6
- 6.5
Description
Using a link like:
https://x.x.com/x=[# please click here onmousemove=alert(1) _]
shows a serious XSS vulnerability - using error correction in browsers (Firefox 24) - in the JIRA description field (and most likely every other wiki-style rendered field).
Example:
https://x.x.com/x=[# please click here onmousemove=alert(1) _]
Please fix asap. For further information pls. contact me.
Cheers
Kai
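
The link from the report above, run through a link renderer that pastes the target into the markup and through one that encodes it for the attribute context. This is an added example, not part of the original report and not JIRA's renderer code; the mechanism it models (an unquoted, unescaped `href`) is an assumption, and all function names are hypothetical.

```javascript
// Added example: toy link renderer, not JIRA's wiki renderer; names are hypothetical.

// Escape characters that are significant in a quoted attribute value or a text node.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// BEFORE (deliberately unsafe): the target is emitted unquoted and unescaped, so
// whitespace ends the href value and the tokens after it are parsed as attributes.
function renderLinkNaive(target) {
  return `<a href=${target}>${target}</a>`;
}

// AFTER: only http(s) targets become links; the value is escaped and quoted.
function renderLinkSafe(target) {
  const safe = escapeHtml(target);
  if (!/^https?:\/\//i.test(target)) return safe; // rendered as plain text
  return `<a href="${safe}">${safe}</a>`;
}

// Regression check: attribute names on a leading <a> tag, split the way a
// lenient HTML tokenizer splits them (quoted, unquoted and valueless attributes).
function attributeNames(html) {
  const tag = html.match(/^<a\s+([^>]*)>/);
  if (!tag) return [];
  const attr = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]*))?/g;
  const names = [];
  let m;
  while ((m = attr.exec(tag[1])) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when the rendered anchor carries any on* event-handler attribute.
function hasEventHandler(html) {
  return attributeNames(html).some((n) => n.startsWith('on'));
}

// Input copied from the report above.
const REPORTED = 'https://x.x.com/x=[# please click here onmousemove=alert(1) _]';

console.log(attributeNames(renderLinkNaive(REPORTED)));
console.log(attributeNames(renderLinkSafe(REPORTED)));
```

A check like `hasEventHandler` can run in a renderer's test suite over a corpus of link inputs, so a regression in attribute encoding fails the build.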
Issue Links
- causes
  - JRASERVER-37426 Performance regression in wiki renderer (Closed)
- incorporates
  - JRASERVER-34970 Emoticons are getting scaled badly (Closed)