Xray for Jira / XRAY-6477

XSS in Issue Type Mapping configuration through Issue linking


Details

    • XRAY 2020 Sprint 5

    Description

      Steps:

      • Log in with an Admin account > Jira administration > Issues > Issue linking
      • Add New Link Type:

          Name: Name
          Outward Link Description: Outward </option><script>alert(1)</script>
          Inward Link Description: Inward <script>alert(2)</script>

      • Log in as another Administrator (higher privileges) > Jira administration > Manage apps > Issue Type Mapping > Untick Sub-Tasks/Links > Issue Link Type => XSS will be triggered


            People

              tvca Tomás Caldas [X] (Inactive)
              dpca Diamantino Campos

                Time Tracking

                  Original Estimate: 0m
                  Remaining Estimate: 0m
                  Time Spent: 1d 2h
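
The `</option>` prefix in the reported Outward Link Description suggests the link descriptions are written into `<option>` elements without output encoding. The JavaScript below is an added example, not Xray's code: the function names and the link-type data shape are assumptions. It contrasts unescaped rendering with an escaped version and adds a small audit check for stored link types that contain markup.

```javascript
// Constructed sample data: the link type from the report plus a benign one.
const linkTypes = [
  { name: "Name",
    outward: "Outward </option><script>alert(1)</script>",
    inward: "Inward <script>alert(2)</script>" },
  { name: "Blocks", outward: "blocks", inward: "is blocked by" },
];

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern (hypothetical): descriptions concatenated straight into markup,
// so "</option>" closes the element and the following <script> becomes live HTML.
function renderOptionsUnsafe(types) {
  return types.flatMap((t) => [t.outward, t.inward])
    .map((d) => `<option value="${d}">${d}</option>`).join("");
}

// Hardened pattern: every admin-supplied value is escaped before it reaches the page.
function renderOptionsSafe(types) {
  return types.flatMap((t) => [t.outward, t.inward])
    .map((d) => `<option value="${escapeHtml(d)}">${escapeHtml(d)}</option>`).join("");
}

// Audit helper: names of stored link types whose fields contain angle brackets,
// which legitimate link descriptions have no reason to carry.
function findSuspiciousLinkTypes(types) {
  return types
    .filter((t) => [t.name, t.outward, t.inward].some((v) => /[<>]/.test(v)))
    .map((t) => t.name);
}

console.log(renderOptionsSafe(linkTypes));
console.log(findSuspiciousLinkTypes(linkTypes));
```

Escaping at render time protects every page that displays the description; the audit helper only finds link types that were already stored with markup.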