Xray for Jira / XRAY-3909

JS is being injected in the Test Repository page


Details

    • OK

    Description

      It is possible to inject and execute any HTML (including JavaScript) in the Test Repository page.

       

      Steps to reproduce:

      1. Create a folder named: <img src="nop" onerror="alert(1)">
      2. When clicking Enter after the name change, the alert popup will appear
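      The rendering pattern behind this class of bug, next to its output-encoded form, as an added example that is not Xray's code and not part of the original report. The folder object shape and the function names renderFolderUnsafe, renderFolderSafe, and nameAddsMarkup are hypothetical; the folder name used is the one from the steps above.

```javascript
// Added example: hypothetical folder-tree renderer, not taken from Xray.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the user-controlled name is concatenated into markup,
// so the browser parses it as elements and attributes when it is inserted.
function renderFolderUnsafe(folder) {
  return '<li class="folder" data-id="' + folder.id + '">' + folder.name + '</li>';
}

// Hardened pattern: every user-controlled value is encoded at the point of
// output. When building DOM nodes directly, assigning node.textContent
// achieves the same result for the label.
function renderFolderSafe(folder) {
  return '<li class="folder" data-id="' + escapeHtml(folder.id) + '">' +
    escapeHtml(folder.name) + '</li>';
}

// Count opening tags in a rendered fragment.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Regression check: a folder name must never change the element structure
// of the rendered node compared with a plain-text name.
function nameAddsMarkup(render, name) {
  const baseline = countTags(render({ id: 1, name: 'plain' }));
  return countTags(render({ id: 1, name })) !== baseline;
}

// Folder name from the report's reproduction steps.
const REPORTED_NAME = '<img src="nop" onerror="alert(1)">';

console.log('unsafe renderer adds markup:', nameAddsMarkup(renderFolderUnsafe, REPORTED_NAME));
console.log('safe renderer adds markup:  ', nameAddsMarkup(renderFolderSafe, REPORTED_NAME));
console.log(renderFolderSafe({ id: 1, name: REPORTED_NAME }));
```

      A check like nameAddsMarkup can run in the UI test suite against every renderer that displays folder names, so a regression in any one view is caught.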


            People

              dpca Diamantino Campos
              hslb Hugo Braz [X] (Inactive)