[JSWSERVER-8991] UpdatingStatus Persistent XSS

Type: Bug
Resolution: Fixed
Priority: Highest (View bug fix roadmap)
Fix Version/s: 6.3.2
Affects Version/s: None
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

The UpdatingStatus action is vulnerable to stored XSS when outputting an unsanitized name parameter. Exploitation of this issue first requires creating a status containing HTML markup.

File: greenhopper\src\main\resources\templates\greenhopper\jira\boards\taskboard\Actions\Task-options.vm

code: Border style is not a valid CSS2 border-style value

...
#foreach($tAction in $transitionBoard.availableActions)
<li>
<label>
<input type="radio" name="ghtransition" data-name="tx" value="${tAction.id}"#if($transitionBoard.availableActions.size() == 1 && $transitionBoard.innerActions.isEmpty())CHECKED#end>$tAction.name
</label>
</li>
...

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

Status_persistent_XSS.PNG
83 kB
28/May/2013 12:11 AM
Status_persistent_XSS_configure.PNG
23 kB
28/May/2013 12:11 AM

mentioned in: Page Failed to load; Wiki Page Failed to load

Owen made changes - 16/Oct/2018 1:07 AM

Workflow	Original: JAC Bug Workflow v2 [ 2852852 ]	New: JAC Bug Workflow v3 [ 2935824 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 25/Sep/2018 12:49 AM

Workflow

Original: JIRA Bug Workflow w Kanban v7 - Restricted [ 2544396 ]

New: JAC Bug Workflow v2 [ 2852852 ]

Ignat (Inactive) made changes - 01/Feb/2018 12:07 PM

Workflow

Original: JIRA Bug Workflow w Kanban v6 - Restricted [ 1550865 ]

New: JIRA Bug Workflow w Kanban v7 - Restricted [ 2544396 ]

Owen made changes - 07/Jul/2016 7:05 AM

Workflow

Original: JIRA Bug Workflow w Kanban v6 [ 909634 ]

New: JIRA Bug Workflow w Kanban v6 - Restricted [ 1550865 ]

Security Metrics Bot made changes - 22/Sep/2015 8:56 AM

Labels

Original: admin_xss fixme security security_codereview

New: admin_xss cvss-high fixme security security_codereview

Oswaldo Hernandez (Inactive) made changes - 02/Jul/2015 12:54 AM

Workflow

Original: GreenHopper Kanban Workflow 20141014 [ 742968 ]

New: JIRA Bug Workflow w Kanban v6 [ 909634 ]

David Black made changes - 20/May/2015 2:01 AM

Remote Link

Original: This issue links to "Page (Extranet)" [ 53542 ]

New: This issue links to "Page (Extranet)" [ 53542 ]

Craig Davies (Inactive) made changes - 28/Apr/2015 11:45 PM

Remote Link

Original: This issue links to "Page (Extranet)" [ 53542 ]

New: This issue links to "Page (Extranet)" [ 53542 ]

Ashley Blackmore made changes - 28/Apr/2015 6:41 PM

Remote Link

Original: This issue links to "Page (Extranet)" [ 53542 ]

New: This issue links to "Page (Extranet)" [ 53542 ]

Ashley Blackmore made changes - 28/Apr/2015 6:38 PM

Remote Link

Original: This issue links to "Page (Extranet)" [ 53542 ]

New: This issue links to "Page (Extranet)" [ 53542 ]

Assignee:: Unassigned

Reporter:: Daniel

Affected customers:: 0 This affects my team

Watchers:: 4 Start watching this issue

Created:: 28/May/2013 12:11 AM

Updated:: 16/Oct/2018 1:07 AM

Resolved:: 09/Sep/2013 2:10 AM

Jira Software Data Center

Details

Description

Attachments

Attachments

Issue Links

Forms

Activity

People

Dates

Backbone Issue Sync