Hi,
I went through various references regarding the patches and issues solved for the XSS vulnerabilities. Currently I am using JIRA version 6.1 and I want to edit the announcement banner.
While doing so, I tried to inject a script with the text:
e.g.: Welcome <script>window.location.href="some site"</script>. When I made the changes, it redirected me to that particular site. So how should I prevent open redirection or XSS vulnerabilities? Is there any way? Please share/discuss.
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
Thanks @Daniel Wester. Is there any documentation related to it which states that HTML is not allowed in the newer versions? I ask because I have checked the script injection or HTML tag in JIRA 6.1.
Probably not the answer you're wanting - upgrade to the newer version of Jira and the announcement banner doesn't allow HTML anymore.