Project: Jira Software Cloud
Issue: JSWCLOUD-8991

UpdatingStatus Persistent XSS


Details

    Description

      The UpdatingStatus action is vulnerable to stored XSS when outputting an unsanitized name parameter. Exploitation of this issue first requires creating a status containing HTML markup.

      File: greenhopper\src\main\resources\templates\greenhopper\jira\boards\taskboard\Actions\Task-options.vm

      code:

      ...
      #foreach($tAction in $transitionBoard.availableActions)
      <li>
      <label>
      ## $tAction.name is written into the label body without HTML encoding
      <input type="radio" name="ghtransition" data-name="tx" value="${tAction.id}"#if($transitionBoard.availableActions.size() == 1 && $transitionBoard.innerActions.isEmpty())CHECKED#end>$tAction.name
      </label>
      </li>
      ...
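      A reduced illustration of the defect and its fix, as an added example that is not part of this issue or of the Jira Software code base: the same radio-button markup is rendered once with raw interpolation (mirroring the unescaped $tAction.name above) and once with HTML escaping applied, over a constructed transition whose name carries markup. The Transition class, the render_* helpers, the sample data and the simplified CHECKED condition are assumptions.

```python
import html
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Transition:
    """Constructed stand-in for $tAction: the id and name the task board lists."""
    id: int
    name: str


# Constructed sample data: the second transition's name carries markup, which is
# exactly what the issue says a user with status-creation rights can store.
TRANSITIONS = [
    Transition(11, "Done"),
    Transition(21, "<img src=x onerror=alert(1)>"),
]

TEMPLATE_TAGS = {"li", "label", "input"}  # the only elements the template itself emits


def _checked(actions):
    # Simplified from the template's "size() == 1 && innerActions.isEmpty()" test.
    return " CHECKED" if len(actions) == 1 else ""


def render_vulnerable(actions):
    """Mirrors the reported template: the name lands in the label body unescaped."""
    return "".join(
        f'<li><label><input type="radio" name="ghtransition" data-name="tx" '
        f'value="{a.id}"{_checked(actions)}>{a.name}</label></li>'
        for a in actions
    )


def render_fixed(actions):
    """Same markup, but every user-controlled value is HTML-escaped on output.
    quote=True also encodes quotes, so the same helper is safe inside attributes."""
    return "".join(
        f'<li><label><input type="radio" name="ghtransition" data-name="tx" '
        f'value="{html.escape(str(a.id), quote=True)}"{_checked(actions)}>'
        f'{html.escape(a.name, quote=True)}</label></li>'
        for a in actions
    )


def has_injected_tag(rendered):
    """Regression check: any element beyond the template's own means a name was injected."""
    found = {m.lower() for m in re.findall(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)", rendered)}
    return not found <= TEMPLATE_TAGS
```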


      People

        Assignee: Unassigned
        Reporter: Daniel