XSS in the view parameter of several actions

2014-01-09T00:39:45
ID ATLASSIAN:FE-5017
Type atlassian
Reporter dblack
Modified 2014-01-09T00:44:50

Description

The following XSS issues were detected by a customer.

  • {{/changelog?max=30&view=cru%22;alert(4015891);//%22&@asv=cru}}
  • {{/project/CR?max=30&projectKey=CR&view=all";alert(3166631);//"&@asv=all}}
  • {{/user/c30626?max=30&name=c30626&view=all";alert(1287220);//"&@asv=all}}