Introduction
Cross-Site Scripting (XSS) vulnerabilities continue to appear in even the most robust enterprise products. This report highlights how a stored XSS in Atlassian Jira Service Management allowed a non-authenticated user to inject malicious JavaScript code that later executed in an administrator’s context, simply by using the public Service Desk Widget.
In this write-up, we’ll discuss:
- What this vulnerability was
- How the researcher found and exploited it
- The impact it had on administrators
- How you can test for similar stored XSS vulnerabilities in widget-based products
Vulnerability Type
- Stored Cross-Site Scripting (XSS), Non-Authenticated to Admin
- Category: Web Application
- VRT Classification: Cross-Site Scripting > Stored > Non-Privileged User to Anyone
This vulnerability occurs when unescaped input is stored on the server and later rendered within the web application in an unsafe manner. In…
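The store-then-render pattern described above, reduced to a minimal model as an added example (this is not code from the original post, from Atlassian, or from the Service Desk Widget): an unauthenticated widget submission is saved, and the queue is later rendered for an administrator, once unsafely and once with output escaping. The store, function names and sample tickets are all constructed for the illustration.

```javascript
// Constructed in-memory store standing in for the server-side ticket database.
const ticketStore = [];

// Anyone who can reach the public widget can call this; no authentication is assumed.
function submitWidgetRequest(summary, description) {
  ticketStore.push({ summary, description });
  return ticketStore.length;
}

// Vulnerable rendering: stored, unescaped input is concatenated straight into the
// HTML that an administrator's browser will parse, so any markup in it becomes live.
function renderAdminQueueUnsafe() {
  return ticketStore
    .map(t => `<li><b>${t.summary}</b>: ${t.description}</li>`)
    .join("\n");
}

// Minimal HTML entity escaper for text placed into element content or attributes.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hardened rendering: every untrusted value is escaped at the point of output,
// so stored input is shown to the admin as text rather than interpreted as markup.
function renderAdminQueueSafe() {
  return ticketStore
    .map(t => `<li><b>${escapeHtml(t.summary)}</b>: ${escapeHtml(t.description)}</li>`)
    .join("\n");
}

// Review-time check: does rendered markup still contain a script element or an
// inline event-handler attribute? Useful for asserting that escaping was applied.
function containsActiveContent(html) {
  return /<script\b|\son\w+\s*=/i.test(html);
}
```

Escaping on output is the fix shown here; a Content-Security-Policy that blocks inline script is a complementary layer that limits impact if a rendering path is missed.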