ONE-24289

Stored XSS vulnerability via markers

Details

    • [Inactive] Just Gantt
    • BigPicture, BigGantt
    • JIRA server, JIRA cloud
    • 5
    • 1
    • No
    • Sprint 2020/14
    • 6 days, 19 hours, 10 minutes, 47 seconds
    • 2 hours, 13 minutes, 58 seconds
    • 40 minutes, 47 seconds
    • 34 minutes
    • 3 minutes, 2 seconds
    • 1 minute, 48 seconds
    • 2 days, 2 hours, 48 minutes, 40 seconds

    Description

      https://tracker.bugcrowd.com/softwareplant-blitz/submissions/c47850fe-8662-4102-bf68-ba5e899ed80f

      CVSS v3 >= 4.0 Medium

      Accepted on 17.06.2020

      Due date: 12.08.2020

      Steps to reproduce:

      1. Create a Gantt marker with a stored XSS script as its name (example: <img src=x onerror=alert(/marker/)>)
      2. Refresh the page

      Result:

      The script is executed automatically.

      Expected result:

      The script should not be executable
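
      The expected result above comes down to encoding the marker name when it is written into the page. The following is an added example, not code from BigPicture/BigGantt or from the original report; the function names and the marker object shape are assumptions made for illustration. It puts the vulnerable rendering pattern beside an output-encoded one and checks both against the name used in the reproduction steps.

```javascript
// Added example: function and field names here are hypothetical, not product code.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Vulnerable pattern: the stored marker name is concatenated into markup as-is.
function renderMarkerUnsafe(marker) {
  return '<div class="gantt-marker">' + marker.name + '</div>';
}

// Hardened pattern: the name is encoded at output time, so it is shown as text.
function renderMarkerSafe(marker) {
  const name = escapeHtml(marker.name);
  return '<div class="gantt-marker" title="' + name + '">' + name + '</div>';
}

// Regression helper: number of element start tags in the rendered markup.
// A marker label should produce exactly one (its own <div>).
function countStartTags(html) {
  return (html.match(/<[A-Za-z][^>]*>/g) || []).length;
}

// Reverse of escapeHtml, used to confirm the visible text equals the stored name.
function decodeEntities(html) {
  const reverse = Object.fromEntries(Object.entries(ENTITIES).map(([k, v]) => [v, k]));
  return html.replace(/&(?:amp|lt|gt|quot|#39);/g, (e) => reverse[e]);
}

// Constructed sample data: the name from the reproduction steps and a benign one.
const reported = { name: '<img src=x onerror=alert(/marker/)>' };
const benign = { name: 'Release "1.0" & QA sign-off' };

for (const marker of [reported, benign]) {
  console.log('unsafe tags:', countStartTags(renderMarkerUnsafe(marker)),
              'safe tags:', countStartTags(renderMarkerSafe(marker)));
}
```

      In browser code, assigning the name through textContent instead of building an HTML string gives the same result without a hand-written encoder.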

          People

            michal.szpak Michał Szpak
            marcin.kozinski Marcin Koziński
            tomasz.jaskiewicz Tomasz Jaśkiewicz , lukasz.kozlowski Łukasz Kozłowski , system.jenkins Jenkins , karolina.dajos Karolina Dajos-Krawczyńska , pawel.guz Pawel Guz , ilya.rybakou Ilya Rybakou , system.gerrit Gerrit , jerzy.sekula Jerzy Sekula , mateusz.kielbowicz Mateusz Kielbowicz , lukasz.pawelczak Łukasz Pawełczak , michal.szpak Michał Szpak , marcin.kozinski Marcin Koziński