[JSWCLOUD-6705] XSS in redirectType parameter on SearchBoard.jspa

Type: Bug
Resolution: Fixed
Priority: Medium
Component/s: None
Labels:
- cvss-high
- security

Bug Fix Policy:
View Atlassian Cloud bug fix policy

NOTE: This bug report is for JIRA Software Cloud. Using JIRA Software Server? See the corresponding bug report.

This is difficult to reproduce - needs tampering with the post data for the page.

On Classic Board, go to the search box. Tamper with the posted data and add the parameter redirectURL with something like:
redirectType=xxx"><img src=u onerror=alert(1)>
(Note: it doesn't work if you use <script></script> tags)

You need to have > 1 page of search results - more than 30 by default, or change the Issues Per Page in the Tools > User Preferences section.

The image is rendered within the page numbers.

is related to

JSWSERVER-6705 XSS in redirectType parameter on SearchBoard.jspa

Closed

Monique Khairuliana (Inactive) made changes - 29/Aug/2019 12:49 AM

Workflow	Original: JSWCLOUD Bug Workflow [ 3193393 ]	New: JAC Bug Workflow v3 [ 3471370 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 06/May/2019 4:55 AM

Workflow

Original: JIRA Bug Workflow w Kanban v6 - Restricted [ 1887650 ]

New: JSWCLOUD Bug Workflow [ 3193393 ]

jonah (Inactive) made changes - 02/Apr/2017 11:58 AM

Description

Original: This is difficult to reproduce - needs tampering with the post data for the page.

On Classic Board, go to the search box. Tamper with the posted data and add the parameter redirectURL with something like:
redirectType=xxx"><img src=u onerror=alert(1)>
(Note: it doesn't work if you use <script></script> tags)

You need to have > 1 page of search results - more than 30 by default, or change the Issues Per Page in the Tools > User Preferences section.

The image is rendered within the page numbers.

New: {panel:bgColor=#e7f4fa}
*NOTE:* This bug report is for *JIRA Software Cloud*. Using *JIRA Software Server*? [See the corresponding bug report|http://jira.atlassian.com/browse/JSWSERVER-6705].
{panel}

This is difficult to reproduce - needs tampering with the post data for the page.

On Classic Board, go to the search box. Tamper with the posted data and add the parameter redirectURL with something like:
redirectType=xxx"><img src=u onerror=alert(1)>
(Note: it doesn't work if you use <script></script> tags)

You need to have > 1 page of search results - more than 30 by default, or change the Issues Per Page in the Tools > User Preferences section.

The image is rendered within the page numbers.

jonah (Inactive) made changes - 02/Apr/2017 11:58 AM

Link

New: This issue is related to ~~JSWSERVER-6705~~ [ ~~JSWSERVER-6705~~ ]

vkharisma made changes - 02/Apr/2017 1:02 AM

Project Import

New: Sun Apr 02 01:01:23 UTC 2017 [ 1491094883663 ]

Owen made changes - 07/Jul/2016 7:05 AM

Workflow

Original: JIRA Bug Workflow w Kanban v6 [ 909301 ]

New: JIRA Bug Workflow w Kanban v6 - Restricted [ 1551745 ]

Security Metrics Bot made changes - 22/Sep/2015 8:53 AM

Labels

Original: security

New: cvss-high security

Oswaldo Hernandez (Inactive) made changes - 02/Jul/2015 12:54 AM

Workflow

Original: GreenHopper Kanban Workflow 20141014 [ 745843 ]

New: JIRA Bug Workflow w Kanban v6 [ 909301 ]

mtokar.adm made changes - 13/Oct/2014 11:59 PM

Workflow

Original: GreenHopper Kanban Workflow v2 [ 449341 ]

New: GreenHopper Kanban Workflow 20141014 [ 745843 ]

VitalyA made changes - 29/Jan/2013 4:06 AM

Labels	Original: advisory-pending security	New: security
Security	Original: Reporters and Developers [ 10021 ]

Assignee:: Unassigned

Reporter:: JoanneA (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 4 Start watching this issue

Created:: 21/Nov/2012 12:27 AM

Updated:: 29/Aug/2019 12:49 AM

Resolved:: 27/Nov/2012 10:23 PM

Jira Cloud

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates