Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 6.0.2
Affects Version/s: 5.10.6
Component/s: None
Labels:
- affects-server
- cvss-high
- fixme
- security
- verified
- xss

Introduced in Version:
5.1
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Targets: https://test01.jira-dev.com/secure/GHCreateNewIssue.jspa?key=&issueType=7&fieldsKeys=priority,customfield_10006,summary,fixVersions,components,customfield_10005,assignee,customfield_10004,reporter,customfield_100039fd29<script>alert('XSS')</script>15d31825f8e9d6606&fieldsValues=1@%@ @%@XSS"><script>alert('XSS')</script>@%@-1@%@-1@%@1000@%@0@%@100@%@isecpartners@%@iSEC"><script>alert('XSS')</script>&forcedFieldsKeys=&forcedFieldsValues=&createNext=false&projectId=&decorator=none&selectedProjectId=10000&pageType=ChartBoard&subType=ArchiveChartBoard&type=ACB&selectedBoardId=-1&colPage=1
Reproduction:
After login open target URL in browser.
Apply attack value "><script>alert('XSS')</script> in the fieldsKeys parameter.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

Screen Shot 2012-08-07 at 1.36.24 PM.png
55 kB
07/Aug/2012 8:37 PM

Issue Links

mentioned in: Page Loading...

relates to: JSTDEV-2111 Loading...

Activity

People

Assignee:: Unassigned

Reporter:: David Black

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 03/Aug/2012 3:24 AM

Updated:: 27/Mar/2019 11:22 PM

Resolved:: 22/Aug/2012 6:42 AM