• Type: Bug
• Resolution: Fixed
• Priority: Medium (View bug fix roadmap)
• Fix Version/s: 6.1
• Affects Version/s: None
• Component/s: None
• Labels:

  • cvss-high
  • security

[JSWSERVER-6705] XSS in redirectType parameter on SearchBoard.jspa

Owen made changes - 16/Oct/2018 1:05 AM

Workflow	Original: JAC Bug Workflow v2 [ 2850734 ]	New: JAC Bug Workflow v3 [ 2933951 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 25/Sep/2018 12:47 AM

Workflow

Original: JIRA Bug Workflow w Kanban v7 - Restricted [ 2545396 ]

New: JAC Bug Workflow v2 [ 2850734 ]

Ignat (Inactive) made changes - 01/Feb/2018 12:08 PM

Workflow

Original: JIRA Bug Workflow w Kanban v6 - Restricted [ 1551745 ]

New: JIRA Bug Workflow w Kanban v7 - Restricted [ 2545396 ]

jonah (Inactive) made changes - 02/Apr/2017 11:58 AM

Description

Original: This is difficult to reproduce - needs tampering with the post data for the page. On Classic Board, go to the search box. Tamper with the posted data and add the parameter redirectURL with something like: redirectType=xxx"><img src=u onerror=alert(1)> (Note: it doesn't work if you use <script></script> tags) You need to have > 1 page of search results - more than 30 by default, or change the Issues Per Page in the Tools > User Preferences section. The image is rendered within the page numbers.

New: {panel:bgColor=#e7f4fa}   *NOTE:* This bug report is for *JIRA Software Server*. Using *JIRA Software Cloud*? [See the corresponding bug report|http://jira.atlassian.com/browse/JSWCLOUD-6705].   {panel} This is difficult to reproduce - needs tampering with the post data for the page. On Classic Board, go to the search box. Tamper with the posted data and add the parameter redirectURL with something like: redirectType=xxx"><img src=u onerror=alert(1)> (Note: it doesn't work if you use <script></script> tags) You need to have > 1 page of search results - more than 30 by default, or change the Issues Per Page in the Tools > User Preferences section. The image is rendered within the page numbers.

jonah (Inactive) made changes - 02/Apr/2017 11:58 AM

Link

New: This issue relates to JSWCLOUD-6705 [ JSWCLOUD-6705 ]

Owen made changes - 07/Jul/2016 7:05 AM

Workflow

Original: JIRA Bug Workflow w Kanban v6 [ 909301 ]

New: JIRA Bug Workflow w Kanban v6 - Restricted [ 1551745 ]

Security Metrics Bot made changes - 22/Sep/2015 8:53 AM

Labels

Original: security

New: cvss-high security

Oswaldo Hernandez (Inactive) made changes - 02/Jul/2015 12:54 AM

Workflow

Original: GreenHopper Kanban Workflow 20141014 [ 745843 ]

New: JIRA Bug Workflow w Kanban v6 [ 909301 ]

mtokar.adm made changes - 13/Oct/2014 11:59 PM

Workflow

Original: GreenHopper Kanban Workflow v2 [ 449341 ]

New: GreenHopper Kanban Workflow 20141014 [ 745843 ]

VitalyA made changes - 29/Jan/2013 4:06 AM

Labels	Original: advisory-pending security	New: security
Security	Original: Reporters and Developers [ 10021 ]

Load more older events