Uploaded image for project: 'Xray for Jira'
  1. Xray for Jira
  2. XRAY-4742

Stored XSS via Defect Summary

    XporterXMLWordPrintable

Details

    • OK

    Description

      Stored XSS via Defect Summary. There is a stored XSS vulnerability via a defect summary, that allows exploiting any Jira user that has access to said issue.

      1.​ ​Create an issue of type Test and give it some name. Make sure that under Test Details the Manual type is selected
      2.​ ​Browse to the newly created test issue
      3.​ ​Scroll below and select Execute in -> New Test Execution and hit Create
      4.​ ​In the view that you get redirected to, select Create Defect
      5.​ ​Enter the XSS payload: "><img src=x onerror=prompt(123)> in the Summary field and hit create.
      6.​ ​Browse back to your issue view (<server>/browse/[ISSUE_KEY]) and see the stored xss fire:

      Attachments

        Activity

          People

            dpca Diamantino Campos
            hslb Hugo Braz [X] (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Time Spent - 5 hours Remaining Estimate - 3 hours, 45 minutes
                3h 45m
                Logged:
                Time Spent - 5 hours Remaining Estimate - 3 hours, 45 minutes
                5h