Jira Software Data Center / JSWSERVER-6705

XSS in redirectType parameter on SearchBoard.jspa

Details

    • Bug
    • Resolution: Fixed
    • Medium
    • 6.1
    • None
    • None

    Description

      NOTE: This bug report is for JIRA Software Server. Using JIRA Software Cloud? See the corresponding bug report.

      This is difficult to reproduce - needs tampering with the post data for the page.

      On Classic Board, go to the search box. Tamper with the posted data and add the parameter redirectURL with something like:
      redirectType=xxx"><img src=u onerror=alert(1)>
      (Note: it doesn't work if you use <script></script> tags)

      You need to have > 1 page of search results - more than 30 by default, or change the Issues Per Page in the Tools > User Preferences section.

      The image is rendered within the page numbers.
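
The report above, modelled as an added example (not Jira's code and not part of the original report): a pagination renderer that echoes `redirectType` into each page link, next to a version that allow-lists the value and encodes it for the URL and the HTML attribute. The link shape, the `page` parameter and the allow-list values are assumptions; the test value is the one from the report.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlencode

# Value taken from the report above.
PAYLOAD = 'xxx"><img src=u onerror=alert(1)>'
# Hypothetical allow-list; the real redirectType values are not given on the page.
ALLOWED_REDIRECT_TYPES = {"board", "navigator"}
DEFAULT_REDIRECT_TYPE = "board"


def page_links_vulnerable(redirect_type, pages):
    """'Before': the request parameter is concatenated into the href as-is."""
    return "".join(
        f'<a href="SearchBoard.jspa?redirectType={redirect_type}&page={n}">{n}</a>'
        for n in range(1, pages + 1)
    )


def page_links_hardened(redirect_type, pages, allowed=ALLOWED_REDIRECT_TYPES):
    """'After': allow-list the value, URL-encode the query, HTML-encode the attribute."""
    if allowed is not None and redirect_type not in allowed:
        redirect_type = DEFAULT_REDIRECT_TYPE
    links = []
    for n in range(1, pages + 1):
        query = urlencode({"redirectType": redirect_type, "page": n})
        href = html.escape("SearchBoard.jspa?" + query, quote=True)
        links.append(f'<a href="{href}">{n}</a>')
    return "".join(links)


def start_tags(markup):
    """Return the element names an HTML parser sees in the rendered markup."""
    names = []
    parser = HTMLParser()
    parser.handle_starttag = lambda tag, attrs: names.append(tag)
    parser.feed(markup)
    parser.close()
    return names


if __name__ == "__main__":
    print(start_tags(page_links_vulnerable(PAYLOAD, 2)))
    print(start_tags(page_links_hardened(PAYLOAD, 2, allowed=None)))
    print(page_links_hardened(PAYLOAD, 1))
```

Passing `allowed=None` shows that encoding alone already keeps the value inside the attribute; the allow-list is a second layer that discards unexpected values before they are rendered.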

            People

              Unassigned
              jcranford@atlassian.com JoanneA (Inactive)