Open Redirection Issue in JIRA Announcement Banner

2018-03-27T08:09:48
ID ATLASSIAN:JRASERVER-67024
Type atlassian
Reporter shah.manoj86
Modified 2018-04-17T17:42:31

Description

Hi,

I am currently using Jira 6.1. And the issue is related to the Jira announcement banner. While editing/adding the announcement banner i tried to inject a script like <script>window.location.href='www.somesite'</script>. By doing so, after logging in to Jira , it redirected to the particular site. Therefore i came to know that the application allows scripts to inject and I want to prevent/avoid this. In my case it is open redirection issue. Need help on this!!