[JRASERVER-61861] CVE-2016-4318: XSS vulnerability in role name on /project/ViewDefaultProjectRoleActors.jspa

Type: Bug
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 7.1.9, Available in Jira Cloud
Affects Version/s: None
Component/s: Project Administration - Users and Roles
Labels:

CVSS Score:
4.8
Bug Fix Policy:
View Atlassian Server bug fix policy

NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

A JIRA administrator(a user who is a member of the jira-administrators group) can create a persistent XSS that affects the /project/ViewDefaultProjectRoleActors.jspa resource through a role name.

relates to

JRACLOUD-61861 CVE-2016-4318: XSS vulnerability in role name on /project/ViewDefaultProjectRoleActors.jspa

Closed

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: lukasz.plonka324392336

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 13/Jul/2016 5:47 AM

Updated:: 16/Oct/2018 12:48 AM

Resolved:: 13/Jul/2016 5:52 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates