Uploaded image for project: 'Application Links'
  1. APL-1363

XSS in the invalidRedirectUrl template through the redirectUrl parameter - CVE-2017-16860

    Details

    • Sprint:
    • Testing Notes:
      Hide

      Add notes...

      Show
      Add notes...

      Description

      The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              security-metrics-bot SecurityB
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Who's Looking?