  1. Xray for Jira
  2. XRAY-6472

Stored XSS in Test Plan Board & Test Repository By "JQL Search"


Details

    • XRAY 2020 Sprint 5

    Description

      Steps:

      1. The attacker goes to any one of: Component, Custom Field, Category OR Version.
      2. In the Name field, the attacker adds the XSS payload: Component \"><img src=x onerror=alert('ComponentName')>
      3. Go to Test Repository OR Test Plan Board.
      4. Click Filters > ADVANCED.
      5. Now if a user adds this search syntax in JQL Search:

       {{component = "Component \"><img src=x onerror=alert('ComponentName')>" }}
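The `\">` at the start of the stored name is what lets it close an HTML attribute and open a new element when the name is written into a page without encoding. The following is an added example, not part of the original report and not Xray or Jira code: the `renderFilterChip*` functions and the `filter-chip` markup are hypothetical stand-ins for any UI that echoes a stored field name, and they show the unencoded rendering beside the output-encoded one.

```javascript
// Added illustration; not Xray or Jira code. The renderFilterChip* functions
// and the markup they produce are hypothetical.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that are significant in HTML element content
// and in quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the stored name is concatenated into an attribute and into
// element content exactly as it was saved.
function renderFilterChipUnsafe(name) {
  return '<span class="filter-chip" title="' + name + '">' + name + '</span>';
}

// After: the same markup with the name encoded at the point of output.
function renderFilterChipSafe(name) {
  const safe = escapeHtml(name);
  return '<span class="filter-chip" title="' + safe + '">' + safe + '</span>';
}

// Rough check for a test: count the start tags a browser would see.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// The name from step 2 of the report, kept byte-for-byte (String.raw keeps
// the backslash literal).
const storedName = String.raw`Component \"><img src=x onerror=alert('ComponentName')>`;

console.log(countStartTags(renderFilterChipUnsafe(storedName))); // span plus two img
console.log(countStartTags(renderFilterChipSafe(storedName)));   // span only
console.log(renderFilterChipSafe(storedName));
```

Encoding at output time leaves the stored value unchanged, so the JQL query in step 5 still matches the component by its exact name while the browser renders it as inert text.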

            People

              hslb Hugo Braz [X] (Inactive)
              dpca Diamantino Campos