Xray for Jira / XRAY-6382

Stored XSS on XRay Server on XRay Report via custom field


Details

    • XRAY 2020 Sprint 4
    • OK

    Description

      Steps:

      1. Go to Custom Field.
      2. Click Add Custom Field.
      3. Select any Custom Field type.
      4. Add the XSS payload as the Custom Field name and description:

         "><img src=x onerror=alert(document.cookie)>

      5. Click save Custom Field, then go to Xray Report: http://localhost:8080/secure/XrayReport!default.jspa?selectedProjectKey=PRO
      6. Click the Filter(s) button, then click the More drop-down list.
      7. Search for the custom field you added, "><img src=x onerror=alert(document.cookie)>, and choose it.
      8. It is now added as a field. Enter any value in this field and click Apply.
      9. After you click Apply, the XSS payload fires in your browser.
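
The behaviour in the steps above is consistent with a stored custom field name being written into the report's filter markup without output encoding. The following is an added illustration, not part of the original report and not Xray's code: the function names and the markup are hypothetical, and it shows the unencoded rendering pattern beside the encoded one using the field name from the steps.

```javascript
// Added illustration; not Xray's code. Function names and markup are hypothetical.

// Custom field name taken from the report's steps (stored server-side, attacker-controlled).
const FIELD_NAME = '"><img src=x onerror=alert(document.cookie)>';

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored name is concatenated into element text
// and into a double-quoted attribute exactly as it was saved.
function renderFilterFieldUnsafe(name) {
  return '<label>' + name + '</label><input type="text" title="' + name + '">';
}

// Hardened pattern: every interpolation is encoded at output time,
// so the name is displayed as text and cannot open a new tag or close the attribute.
function renderFilterFieldSafe(name) {
  const n = escapeHtml(name);
  return '<label>' + n + '</label><input type="text" title="' + n + '">';
}

// Count element start tags in a fragment. This is a crude check that is
// adequate for the two fragments built above, not a general HTML parser.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

const unsafeHtml = renderFilterFieldUnsafe(FIELD_NAME);
const safeHtml = renderFilterFieldSafe(FIELD_NAME);

// The template itself only defines two elements: <label> and <input>.
console.log('unsafe start tags:', countStartTags(unsafeHtml)); // extra <img> elements appear
console.log('safe start tags:  ', countStartTags(safeHtml));   // only the template's own tags
console.log(safeHtml);
```

Encoding belongs at the point of output for each context (element text, attribute value), so names already stored with markup in them are neutralised without rewriting saved data.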

       

       

          People

            dpca Diamantino Campos

              Time Tracking

                Original Estimate - Not Specified
                Remaining Estimate - 0 minutes
                Time Spent - 1 hour