Uploaded image for project: 'Xporter for Jira'
  1. Xporter for Jira
  2. XPORTER-4185

Xporter is not sanitizing few of the HTML tags and rendering back the tags with out any encoding

    XporterXMLWordPrintable

Details

    • UNCOVERED

    Description

      Description
      Xporter is not sanitizing few of the HTML tags and rendering back the tags with out any encoding. This behaviour leading the application vulnerable to HTML Injection.

      How to reproduce
      1. Login to the application
      2. Go to Profile page
      3. Click on "Xporter Templates"
      4. Create a new template with description having HTML tags (<a
      href=https://google.com>clickhere</a>)
      5. Observed the payload got executed successfully
      6. Click on the hyperlink, it will redirect you the domain injected in payload

      Version

      • 7.0.0

      Attachments

        Activity

          People

            pamp Paulo Pereira
            joao.silva João Silva
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated: