XSS

Issue #59 new
Максим Сметанников created an issue

Hi,

In JIRA Threaded Comments plugin v 1.27.5

XSS vulnerability detected:

http://172.27.29.146:8080/plugins/servlet/threaded-comments/helper?commentId=9847&issueKey=SEC-2059%22%3E%27%3Cimg+src+onerror=alert(%22xss_ochka%22)%3E&projectKey=SEC&_=1591339381

Steps to reproduce:

  1. Replace the base URL with the one used in your Jira
  2. Follow the link

This bug only reproduces if Threaded Comments is enabled.

Vulnerability occurs due to the lack of escaping of special characters.
To fix vulnerabilities in data output, it is necessary to encode special characters into their safe counterparts, depending on the output context. In this case, convert:

&<>"'

to

&amp;&lt;&gt;&quot;&#x27;
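
The encoding requested above, applied to the `issueKey` value from the reported URL, as an added Python example that is not part of the original issue or the plugin's code. The function names, the `span` markup and the issue-key pattern are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

# Query string of the URL quoted in the report above.
REPORTED_QUERY = ("commentId=9847&issueKey=SEC-2059%22%3E%27%3Cimg+src+onerror="
                  "alert(%22xss_ochka%22)%3E&projectKey=SEC&_=1591339381")

# The mapping given in the report. "&" must be replaced first, otherwise the
# ampersands introduced by the other replacements would be encoded twice.
HTML_ENTITIES = (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"),
                 ('"', "&quot;"), ("'", "&#x27;"))

# Assumption: issue keys look like "SEC-2059" (project key, hyphen, number).
ISSUE_KEY_RE = re.compile(r"[A-Z][A-Z0-9_]*-[0-9]+")


def escape_html(value: str) -> str:
    """Encode the five characters for HTML text and quoted attribute values."""
    for raw, entity in HTML_ENTITIES:
        value = value.replace(raw, entity)
    return value


def is_valid_issue_key(value: str) -> bool:
    """Allow-list check that can reject the request before any output is built."""
    return ISSUE_KEY_RE.fullmatch(value) is not None


def render_issue_key(query: str) -> str:
    """Hypothetical helper: build an HTML fragment that echoes issueKey."""
    issue_key = parse_qs(query).get("issueKey", [""])[0]
    return '<span data-issue-key="{0}">{0}</span>'.format(escape_html(issue_key))


if __name__ == "__main__":
    key = parse_qs(REPORTED_QUERY)["issueKey"][0]
    print("decoded :", key)
    print("valid   :", is_valid_issue_key(key))
    print("rendered:", render_issue_key(REPORTED_QUERY))
```

This mapping covers HTML text and quoted attribute values only; a value written into a script block or a URL needs the encoding for that context instead.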

Comments (5)
