Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 7.0.0-OD-02, 6.4.9
Affects Version/s: 6.4.2
Component/s: None
Labels:

Introduced in Version:
6.04
CVSS Score:
5

A third party scan found that the ConvertIssue.jspa action is vulnerable to content spoofing, in specific text injection. In this case the content spoofing may be used to perform a phishing attack on users.

How to reproduce:
https://jira.atlassian.com/secure/AddPortalPage!default.jspa?clonePageId=543%22You%20are%20seeing%20this%20error%20due%20to%20unauthenitcated/malicious%20activity%20from%20this%20account.%20To%20proceed%20please%20contact%20a%20Customer%20Service%20agent%20at(800)%20555-5555%20or%20email%20us%20at%20%22stealyourid@example.com&atl_token=ARL5-JM5F-FL1H-5Q9J%7C363acff80f4bb537d96e7be72241ecbc7e06b076%7Clin

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

screenshot-1.png
81 kB
18/Jun/2015 10:10 PM

Assignee:: Oswaldo Hernandez (Inactive)
Reporter:: pfomin@visa.com
Votes:: 0 Vote for this issue
Watchers:: 5 Start watching this issue

Created:: 18/Jun/2015 10:07 PM
Updated:: 05/Dec/2019 1:30 AM
Resolved:: 29/Jul/2015 9:22 AM

Details

Description

Attachments

Attachments

Forms

Activity

People

Dates