Jira Data Center / JRASERVER-36233

XSS in Create Project dialog

Details

    • Bug
    • Resolution: Fixed
    • High
    • 6.2-OD-8

    Description

      NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

      When creating a project and board in JAG on On Demand with scripts in the board name and project name, an XSS vulnerability was found.

      Steps to reproduce:

      1. Click on Agile > Getting Started
      2. Click on Create a new board button
      3. Select "New project and a new board"
      4. Enter an XSS string (e.g. <script>alert(1)</script>) in Project name. Fill all the other fields with any values.
      5. Select Agile Simplified Workflow (recommended)
      6. When the dialog "Creating and linking companions for your JIRA project" is rendered, you'll get the alert

            People

              rtekhov Roman Tekhov (Inactive)
              mjopson Martin (Inactive)