Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-7479

Allows cross-site scripting

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Low
    • None
    • None
    • None
    • None

    Description

      When the script below is entered into an issue description box, it will execute the next time a person tries to edit the issue:

      </textarea><script type="text/javascript">alert('you have been haxored');</script>

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-6884 Description TEXTAREA on Edit Issue page doesn't escape HTML properly

          • Highest - Our top priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              fc98e8f1f18f Jeffrey Dettmann
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: