Ansicolor Plugin makes console output view vulnerable to XSS attacks


    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • Component/s: plugin-proposals

      The plugin has a problem with XSS code.

      Just create a build job that executes the following shell command and have ansicolor enabled.
      echo -e "\e[1;94m test<script>var xss = function() { alert('not good');}; xss();</script>"
      It needs the special char which seems to get filtered in Jira.

            Assignee: Unassigned
            Reporter: Karsten Elfenbein
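The report above describes console text being wrapped in colour markup without HTML-escaping. As an added example (not the plugin's code and not from the reporter), this Python sketch puts that pattern beside a version that escapes each text run before adding spans; the STYLES table, the function names and the sample line are assumptions constructed here.

```python
import html
import re

# SGR (colour/style) escape sequences have the form: ESC [ params m
SGR = re.compile(r"\x1b\[([0-9;]*)m")

# Small constructed subset of SGR codes mapped to CSS; not the plugin's table.
STYLES = {"1": "font-weight:bold", "31": "color:red",
          "32": "color:green", "94": "color:#5c5cff"}


def _render(line, escape):
    out, pos, open_span = [], 0, False
    for m in SGR.finditer(line):
        out.append(escape(line[pos:m.start()]))  # text run before this sequence
        pos = m.end()
        if open_span:
            out.append("</span>")
            open_span = False
        # Only values from STYLES reach the attribute, never console text.
        css = [STYLES[c] for c in m.group(1).split(";") if c in STYLES]
        if css:  # a reset or unknown code just closes the current span
            out.append('<span style="%s">' % ";".join(css))
            open_span = True
    out.append(escape(line[pos:]))  # trailing text run
    if open_span:
        out.append("</span>")
    return "".join(out)


def render_unsafe(line):
    """Vulnerable pattern: spans are added around raw console text."""
    return _render(line, escape=lambda s: s)


def render_safe(line):
    """Hardened pattern: each text run is HTML-escaped before spans are added."""
    return _render(line, escape=html.escape)


# Constructed sample: the console line from the report, ESC written as \x1b.
SAMPLE = ("\x1b[1;94m test<script>var xss = function()"
          "{ alert('not good');}; xss();</script>")

if __name__ == "__main__":
    print(render_unsafe(SAMPLE))
    print(render_safe(SAMPLE))
```
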