Content Spoofing in UpdateMyJiraHome

    • 6.04
    • 4.3

      A third-party scan found that the ConvertIssue.jspa action is vulnerable to content spoofing, specifically text injection. In this case, the content spoofing may be used to perform a phishing attack on users.

      How to reproduce:
      1 - go to https://jira.atlassian.com/secure/UpdateMyJiraHome.jspa?target=whscheck.%20For%20assistance%20contact%20our%20support%20department%20at%20testing@whitehatsec.com.&atl_token=ARL5-JM5F-FL1H-5Q9J|4f0e936efad6fa907c51844f07311cdefce004c1|lin
      2 - click "Retry Operation"

            Assignee:
            Oswaldo Hernandez (Inactive)
            Reporter:
            pfomin@visa.com
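
An added example, not part of the original report and not Jira's code: a server-side check that refuses to echo a free-text `target` value like the one in the reproduction URL, plus a heuristic for spotting such requests during log review. It assumes the action reflects `target` into the response; the allow-listed target names, the message strings and the host `jira.example.com` are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the legitimate target values are a small set known to the
# server. These names are hypothetical placeholders, not Jira's real values.
ALLOWED_TARGETS = {"dashboard", "issue-navigator"}

# Hypothetical fixed message used whenever the parameter is not recognised.
GENERIC_ERROR = "The requested home page could not be set."

# Constructed sample modelled on the report's reproduction URL
# (host and token replaced with placeholders).
SAMPLE_URL = (
    "https://jira.example.com/secure/UpdateMyJiraHome.jspa"
    "?target=whscheck.%20For%20assistance%20contact%20our%20support"
    "%20department%20at%20testing@whitehatsec.com.&atl_token=PLACEHOLDER"
)


def extract_target(url):
    """Return the percent-decoded 'target' query parameter, or None."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = params.get("target")
    return values[0] if values else None


def error_message_for(url):
    """Build the text shown to the user without reflecting untrusted input.

    Only allow-listed identifiers are ever echoed; anything else gets a
    fixed message, so the author of a link cannot choose the page's wording.
    """
    target = extract_target(url)
    if target in ALLOWED_TARGETS:
        return f"Could not set home page to '{target}'."
    return GENERIC_ERROR


def looks_like_injected_text(target):
    """Log-review heuristic: free text rather than a short identifier."""
    if target is None:
        return False
    return bool(re.search(r"\s|@|https?://", target)) or len(target) > 64


if __name__ == "__main__":
    t = extract_target(SAMPLE_URL)
    print(repr(t), looks_like_injected_text(t), error_message_for(SAMPLE_URL))
```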