  1. Xporter for Jira
  2. XPORTER-3208

Stored XSS path field in scheduled reports setting


Details

    • Xporter - 6.5.0 Sprint 5
    • OK

    Description

      The path parameter in Scheduled Actions of the Scheduled Report setting is not HTML-encoded, which lets an Administrator user who can edit the setting carry out an XSS attack against the System Administrator or other Administrator users.
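
      The fix class for this kind of report, as an added example that is not part of the original issue and is not Xporter's code: the stored path is HTML-encoded when rendered, and validated when saved. The function names, the markup, the allowed-character policy and the sample values are all assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not Xporter's API.

// Characters that are significant in HTML text and quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored path is concatenated into the settings page as-is,
// so whoever saved the setting controls markup shown to other administrators.
function renderPathRowUnsafe(action) {
  return '<tr><td>Path</td><td><input name="path" value="' + action.path + '"></td></tr>';
}

// "After": encode at output time, whatever was stored earlier.
function renderPathRowSafe(action) {
  return '<tr><td>Path</td><td><input name="path" value="' + escapeHtml(action.path) + '"></td></tr>';
}

// Defence in depth on save. Assumed policy: a path consists of letters,
// digits, space and . _ - / \ : only, and is at most 260 characters long.
function validatePath(path) {
  if (typeof path !== 'string' || path.length === 0 || path.length > 260) return false;
  return /^[A-Za-z0-9 ._\-\/\\:]+$/.test(path);
}

// Constructed sample settings (not taken from the issue).
const benignAction = { path: '/var/reports/weekly' };
const markupAction = { path: '"><script>alert(1)</script>' };

// Summarise how each sample is treated on save and on render.
function check(action) {
  return {
    acceptedOnSave: validatePath(action.path),
    unsafeHasScriptTag: renderPathRowUnsafe(action).includes('<script>'),
    safeHasScriptTag: renderPathRowSafe(action).includes('<script>'),
  };
}

console.log('benign:', check(benignAction));
console.log('markup:', check(markupAction));
console.log(renderPathRowSafe(markupAction));
```

      Output encoding is the control that closes the issue; the save-time check only narrows what can reach storage and does not cover values stored before it was introduced.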


          People

            afro Andre Fernandes Rodrigues
            rmbr Rui Rodrigues


              Time Tracking

                Estimated: Not Specified
                Remaining: 0m
                Logged: 4h 30m