- Bug
- Resolution: Fixed
- Low
- 7.1.9
- 7.01
- Severity 3 - Minor
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
Jira Admins can create a persistent XSS on the Incoming Mail configuration page.
When the value
"><script>alert(1)</script>
is inserted into the Whitelisted Domain field on the page
/secure/admin/IncomingMailServers.jspa
the JavaScript persists and executes on page load.
This was tested on Jira version v7.1.9#71013-sha1:1aa0586
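Why the reported value escapes the field, and how output encoding contains it, shown as an added example that is not Jira's code. The render functions, the `whitelistedDomains` field name and the tag scanner are hypothetical stand-ins for a page that writes a stored value into a quoted `value` attribute.

```javascript
// Added illustration, not Jira source; function and field names are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored value is concatenated into the attribute as-is.
function renderFieldUnsafe(stored) {
  return '<input type="text" name="whitelistedDomains" value="' + stored + '">';
}

// "After": the stored value is encoded at output time.
function renderFieldSafe(stored) {
  return '<input type="text" name="whitelistedDomains" value="' + escapeHtml(stored) + '">';
}

// Minimal tag scanner: lists the elements opened in the markup, treating
// '<' and '>' inside a quoted attribute value as data rather than markup.
function openedTags(markup) {
  const tags = [];
  let i = 0;
  while ((i = markup.indexOf('<', i)) !== -1) {
    const m = /^<([a-zA-Z][a-zA-Z0-9]*)/.exec(markup.slice(i));
    if (!m) { i += 1; continue; }          // closing tag or stray '<'
    tags.push(m[1].toLowerCase());
    i += m[0].length;
    let quote = null;
    for (; i < markup.length; i += 1) {
      const ch = markup[i];
      if (quote) { if (ch === quote) quote = null; }
      else if (ch === '"' || ch === "'") { quote = ch; }
      else if (ch === '>') { i += 1; break; } // end of this start tag
    }
  }
  return tags;
}

// Regression check: rendering one field must produce exactly one element.
function rendersOnlyInput(markup) {
  const tags = openedTags(markup);
  return tags.length === 1 && tags[0] === 'input';
}

const reported = '"><script>alert(1)</script>'; // value quoted in this report
console.log(rendersOnlyInput(renderFieldUnsafe(reported))); // false
console.log(rendersOnlyInput(renderFieldSafe(reported)));   // true
```

The same check can run in a template test suite against every admin-editable field, since the stored value is only dangerous at the point where it is written into markup.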
- relates to: JRACLOUD-61963 XSS in Mail Whitelist Field (Closed)