Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 7.4.2
Affects Version/s: 7.2.7
Component/s: Navigation - Export
Labels:
- pse-request
- security
- xss

Introduced in Version:
7.02
Support reference count:
2
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

A search endpoint is vulnerable to an XSS injection in certain cases.

Normally, the browser will urlencode its requests, but some proxy servers and load balancers will decode URL data by default. (see http://stackoverflow.com/questions/31266629/nginx-encoding-normalizing-part-of-uri)

Attachments

Activity

People

Assignee:: Kamil Kolonko

Reporter:: Micah Figone

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Due:: 06/Jun/2017

Created:: 23/Oct/2017 12:40 PM

Updated:: 28/Mar/2019 12:24 AM

Resolved:: 23/Oct/2017 12:48 PM