Description
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
When creating a project and board in JAG on On Demand with scripts in the board name and project name, an XSS vulnerability was found.
Steps to reproduce:
- Click on Agile > Getting Started
- Click on Create a new board button
- Select "New project and a new board"
- Enter an XSS string (e.g. <script>alert(1)</script>) in Project name. Fill all the other fields with any values
- Select Agile Simplified Workflow (recommended)
- When the dialog "Creating and linking companions for your JIRA project" is rendered, you'll get the alert
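The report does not show how the dialog is built. As an added example (not Atlassian code and not from this report), the sketch below assumes the progress dialog interpolates the project and board names into markup. It puts the unescaped form beside an output-encoded one, with a check that can be used as a regression test. All function names and the markup are hypothetical.

```javascript
// Added illustration; function names and markup are hypothetical, not JIRA's.
const DIALOG_TITLE = "Creating and linking companions for your JIRA project";

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Weak form: user-supplied names are concatenated into the markup unchanged.
function renderProgressDialogUnsafe(projectName, boardName) {
  return `<div class="dialog"><h2>${DIALOG_TITLE}</h2>` +
    `<p>Project: ${projectName}</p><p>Board: ${boardName}</p></div>`;
}

// Hardened form: both names are encoded at the point of output.
function renderProgressDialogSafe(projectName, boardName) {
  return `<div class="dialog"><h2>${DIALOG_TITLE}</h2>` +
    `<p>Project: ${escapeHtml(projectName)}</p>` +
    `<p>Board: ${escapeHtml(boardName)}</p></div>`;
}

// Regression check: true only when every tag in the rendered markup belongs
// to the template itself (div, h2, p), i.e. no input became markup.
function containsOnlyTemplateTags(html) {
  const allowed = new Set(["div", "h2", "p"]);
  const tags = [...html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)]
    .map((m) => m[1].toLowerCase());
  return tags.every((t) => allowed.has(t));
}

// Test string taken from the reproduction steps in this report.
const reportedName = "<script>alert(1)</script>";
console.log(containsOnlyTemplateTags(renderProgressDialogUnsafe(reportedName, "Board")));
console.log(containsOnlyTemplateTags(renderProgressDialogSafe(reportedName, "Board")));
```
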
Issue Links
- relates to JRACLOUD-36233 XSS in Create Project dialog (Closed)