UpdatingStatus Persistent XSS

XMLWordPrintable

      The UpdatingStatus action is vulnerable to stored XSS when outputting an unsanitized name parameter. Exploitation of this issue first requires creating a status containing HTML markup.

      File: greenhopper\src\main\resources\templates\greenhopper\jira\boards\taskboard\Actions\Task-options.vm

      code: Border style is not a valid CSS2 border-style value

      ...
      #foreach($tAction in $transitionBoard.availableActions)
      <li>
      <label>
      <input type="radio" name="ghtransition" data-name="tx" value="${tAction.id}"#if($transitionBoard.availableActions.size() == 1 && $transitionBoard.innerActions.isEmpty())CHECKED#end>$tAction.name
      </label>
      </li>
      ...


        1. Status_persistent_XSS_configure.PNG
          23 kB
          Daniel
        2. Status_persistent_XSS.PNG
          83 kB
          Daniel

              Assignee:
              Unassigned
              Reporter:
              Daniel
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: