Details
- Bug
- Status: Closed
- Major
- Resolution: Done
- None
- XRAY 2020 Sprint 5
Description
Steps:
- Attacker goes to any one of: Component, Custom Field, Category or Version
- In the Name field, attacker adds XSS payload: Component \"><img src=x onerror=alert('ComponentName')>
- Go to Test Repository or Test Plan Board
- Click Filters > ADVANCED.
- Now if a user adds this search syntax in JQL Search:
{{component = "Component \"><img src=x onerror=alert('ComponentName')>" }}
Issue Links
- is cloned by: XRAY-6473 Stored XSS in Tests List Gadget (Closed)
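
The report does not show how the advanced filter builds its markup. The following is an added example, not part of the original report and not Xray's code: it assumes the JQL text ends up inside a quoted HTML attribute, and contrasts raw concatenation with output encoding using the component name from the steps above. All function names and the `<input>` template are hypothetical.

```javascript
// Added illustration; function names and the HTML template are hypothetical,
// not Xray's actual rendering code.

// Encode the characters that are significant in HTML text and in
// quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored name is concatenated into markup as-is,
// so a quote in the name closes the attribute early.
function renderFilterUnsafe(jql) {
  return '<input class="jql" value="' + jql + '">';
}

// Hardened pattern: encode at the point of output, whatever was stored.
function renderFilterSafe(jql) {
  return '<input class="jql" value="' + escapeHtml(jql) + '">';
}

// Count element start tags in a fragment. A correct rendering of the
// single <input> must yield exactly one.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Component name from the report, as stored (constructed sample input).
const storedName = 'Component \\"><img src=x onerror=alert(\'ComponentName\')>';
const jql = 'component = "' + storedName + '"';

console.log('unsafe tags:', countTags(renderFilterUnsafe(jql)));
console.log('safe tags:  ', countTags(renderFilterSafe(jql)));
console.log(renderFilterSafe(jql));
```

In browser code the same effect is obtained without string building by assigning the value through `element.value`, `textContent` or `setAttribute`, which never parse their argument as markup.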