Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JSWCLOUD-8991

UpdatingStatus Persistent XSS

XMLWordPrintable

      The UpdatingStatus action is vulnerable to stored XSS when outputting an unsanitized name parameter. Exploitation of this issue first requires creating a status containing HTML markup.

      File: greenhopper\src\main\resources\templates\greenhopper\jira\boards\taskboard\Actions\Task-options.vm

      code: Border style is not a valid CSS2 border-style value

      ...
      #foreach($tAction in $transitionBoard.availableActions)
      <li>
      <label>
      <input type="radio" name="ghtransition" data-name="tx" value="${tAction.id}"#if($transitionBoard.availableActions.size() == 1 && $transitionBoard.innerActions.isEmpty())CHECKED#end>$tAction.name
      </label>
      </li>
      ...


        1. Status_persistent_XSS.PNG
          83 kB
        2. Status_persistent_XSS_configure.PNG
          23 kB

            [JSWCLOUD-8991] UpdatingStatus Persistent XSS

            Monique Khairuliana (Inactive) made changes -
            Workflow Original: JSWCLOUD Bug Workflow [ 3193673 ] New: JAC Bug Workflow v3 [ 3471922 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: JIRA Bug Workflow w Kanban v6 - Restricted [ 1885791 ] New: JSWCLOUD Bug Workflow [ 3193673 ]
            vkharisma made changes -
            Project Import New: Sun Apr 02 01:01:23 UTC 2017 [ 1491094883663 ]
            Owen made changes -
            Workflow Original: JIRA Bug Workflow w Kanban v6 [ 909634 ] New: JIRA Bug Workflow w Kanban v6 - Restricted [ 1550865 ]
            Security Metrics Bot made changes -
            Labels Original: admin_xss fixme security security_codereview New: admin_xss cvss-high fixme security security_codereview
            Oswaldo Hernandez (Inactive) made changes -
            Workflow Original: GreenHopper Kanban Workflow 20141014 [ 742968 ] New: JIRA Bug Workflow w Kanban v6 [ 909634 ]
            David Black made changes -
            Remote Link Original: This issue links to "Page (Extranet)" [ 53542 ] New: This issue links to "Page (Extranet)" [ 53542 ]
            Craig Davies (Inactive) made changes -
            Remote Link Original: This issue links to "Page (Extranet)" [ 53542 ] New: This issue links to "Page (Extranet)" [ 53542 ]
            Ashley Blackmore made changes -
            Remote Link Original: This issue links to "Page (Extranet)" [ 53542 ] New: This issue links to "Page (Extranet)" [ 53542 ]
            Ashley Blackmore made changes -
            Remote Link Original: This issue links to "Page (Extranet)" [ 53542 ] New: This issue links to "Page (Extranet)" [ 53542 ]

              Unassigned Unassigned
              cee3f48a9671 Daniel
              Affected customers:
              0 This affects my team
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: