Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 6.2-OD-5, 6.1.5
Affects Version/s: 6.0.5
Component/s: Issue - Fields
Labels:
- affects-server
- cvss-high
- security
- xss

Introduced in Version:
6
CVSS Score:
6.5

Using a link like:

https://x.x.com/x=[# please click here onmousemove=alert(1) _]

shows a serious XSS vulnerability - using error correction in browsers (Firefox 24) - in the JIRA description field (and most likely every other wiki-style rendered field).

Example:
https://x.x.com/x=[# please click here onmousemove=alert(1) _]

Please fix asap. For further information pls. contact me.

Cheers
Kai

causes

JRASERVER-37426 Performance regression in wiki renderer

Closed

incorporates

JRASERVER-34970 Emoticons are getting scaled badly

Closed

mentioned in: Page Loading...

Assignee:: Oswaldo Hernandez (Inactive)
Reporter:: Kai Gottschalk
Votes:: 0 Vote for this issue
Watchers:: 5 Start watching this issue

Created:: 30/Oct/2013 9:24 AM
Updated:: 28/Mar/2019 12:11 AM
Resolved:: 10/Dec/2013 4:19 PM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates