XSS in admin/ViewIssueFields.jspa

2013-09-30T07:48:05
ID ATLASSIAN:JRA-35084
Type atlassian
Reporter ablackmore
Modified 2016-10-31T23:39:00

Description

Reproduction: 1. Create custom fields with <script>alert(1)</script> in name and/or description. 2. Go to 'Field Configurations' 3. Click 'Add Field Configuration', enter any text in 'Name' 4. Hit okay and wait for the page to refresh 5. Choose the config you just made -> XSSed