Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 6.3.2
Affects Version/s: None
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The UpdatingStatus action is vulnerable to stored XSS when outputting an unsanitized name parameter. Exploitation of this issue first requires creating a status containing HTML markup.

File: greenhopper\src\main\resources\templates\greenhopper\jira\boards\taskboard\Actions\Task-options.vm

code: Border style is not a valid CSS2 border-style value

...
#foreach($tAction in $transitionBoard.availableActions)
<li>
<label>
<input type="radio" name="ghtransition" data-name="tx" value="${tAction.id}"#if($transitionBoard.availableActions.size() == 1 && $transitionBoard.innerActions.isEmpty())CHECKED#end>$tAction.name
</label>
</li>
...

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

Status_persistent_XSS_configure.PNG
23 kB
28/May/2013 12:11 AM
Status_persistent_XSS.PNG
83 kB
28/May/2013 12:11 AM

Issue Links

mentioned in: Page Loading...; Wiki Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Daniel

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 28/May/2013 12:11 AM

Updated:: 16/Oct/2018 1:07 AM

Resolved:: 09/Sep/2013 2:10 AM