Details
- Bug
- Resolution: Fixed
- Low
- 6.4.2
- None
- 6.04
- 4.3
Description
A third-party scan found that the ConvertIssue.jspa action is vulnerable to content spoofing, specifically text injection. In this case, the content spoofing may be used to perform a phishing attack on users.
How to reproduce:
1. Go to https://jira.atlassian.com/secure/UpdateMyJiraHome.jspa?target=whscheck.%20For%20assistance%20contact%20our%20support%20department%20at%20testing@whitehatsec.com.&atl_token=ARL5-JM5F-FL1H-5Q9J|4f0e936efad6fa907c51844f07311cdefce004c1|lin
2. Click "Retry Operation"
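A log-side check for the pattern in the reproduction URL, as an added example that is not part of the original issue and not Atlassian's code: it decodes the `target` parameter of requests to the action and flags values that read like injected prose. It assumes a legitimate `target` is a single short token (the page does not document the accepted values); the sample requests, including the `dashboard` value and the `PLACEHOLDER` token, are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate `target` is one short token without whitespace.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_.\-/]{1,64}$")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+")


def inspect_target(request_url, param="target"):
    """Return the reasons the decoded parameter looks like injected text."""
    query = urlsplit(request_url).query
    reasons = []
    for value in parse_qs(query, keep_blank_values=True).get(param, []):
        words = value.split()  # parse_qs has already decoded %20 and '+'
        if len(words) >= 3:
            reasons.append("sentence-like text (%d words)" % len(words))
        if EMAIL_RE.search(value):
            reasons.append("contains an e-mail address")
        if URL_RE.search(value):
            reasons.append("contains a URL")
        if len(words) < 3 and not TOKEN_RE.match(value):
            reasons.append("not a plain token")
    return reasons


def flag_requests(urls, path_suffix="UpdateMyJiraHome.jspa"):
    """Return (url, reasons) for requests to the action with a suspicious target."""
    hits = []
    for url in urls:
        if not urlsplit(url).path.endswith(path_suffix):
            continue
        reasons = inspect_target(url)
        if reasons:
            hits.append((url, reasons))
    return hits


# Constructed request lines; the second mirrors the reproduction step above.
SAMPLE = [
    "/secure/UpdateMyJiraHome.jspa?target=dashboard&atl_token=PLACEHOLDER",
    "/secure/UpdateMyJiraHome.jspa?target=whscheck.%20For%20assistance%20contact"
    "%20our%20support%20department%20at%20testing@whitehatsec.com."
    "&atl_token=PLACEHOLDER",
    "/secure/Dashboard.jspa",
]

if __name__ == "__main__":
    for url, reasons in flag_requests(SAMPLE):
        print(url, "->", "; ".join(reasons))
```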
Issue Links
- relates to: JRASERVER-40793 "Content injection" issue in gadgets (Closed)