[TIME-275] Persisted XSS on 'Additional Fields' on report configuration for jira-timesheet-plugin:report
Issue #275
resolved
To reproduce:
- create a custom field called <script>alert(1);</script>
- go to .../secure/ConfigureReport!default.jspa?reportKey=jira-timesheet-plugin:report
This affects 2.3.5 (not released on JIRA otherwise I'd specify that in the affects field). I suspect it affects earlier versions also.
By edalgliesh/Eric Dalgliesh on Wed, 15 Aug 2012 18:19:28 -0700
Comments (2)
Removing version: 2.3.9 (automated comment)
Fixed in 2.3.6, thank you for the catch!
Committed revision 169466
By azhdanov on Thu, 30 Aug 2012 13:48:47 -0700
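The bug class reported above, as an added example that is not the plugin's code or the change in revision 169466: a custom field name is stored as-is and becomes live markup unless it is HTML-encoded when the report configuration page is rendered. The `render` helper, the `additionalField` select name and the field ids are hypothetical, and the sample data is constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.UnaryOperator;

public class AdditionalFieldsEscaping {
    // Encode the five characters that matter in element text and quoted attributes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical renderer for the field picker (field id -> display name).
    // 'enc' is applied to every value written into the markup.
    static String render(Map<String, String> fields, UnaryOperator<String> enc) {
        StringBuilder html = new StringBuilder("<select name=\"additionalField\" multiple>\n");
        for (Map.Entry<String, String> f : fields.entrySet()) {
            html.append("  <option value=\"").append(enc.apply(f.getKey())).append("\">")
                .append(enc.apply(f.getValue())).append("</option>\n");
        }
        return html.append("</select>").toString();
    }

    public static void main(String[] args) {
        Map<String, String> fields = new LinkedHashMap<>();  // constructed sample data
        fields.put("customfield_10000", "Story Points");
        fields.put("customfield_10001", "<script>alert(1);</script>");  // name from the report

        String before = render(fields, UnaryOperator.identity());             // raw concatenation
        String after = render(fields, AdditionalFieldsEscaping::escapeHtml);  // encode on output

        // Regression check: the stored name must never reach the page as live markup.
        System.out.println("before contains <script>: " + before.contains("<script>"));
        System.out.println("after contains <script>:  " + after.contains("<script>"));
        System.out.println(after);
    }
}
```

Encoding at the point of output, rather than rejecting names at creation time, also covers custom fields that were created before the fix.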