Summary by Atlassian
Unrestricted file upload {Stored Xss for Token hijacking} in Jira Service Desk Server
Unrestricted file upload {Stored Xss for Token hijacking}
Disclosed by Captain_hook- Program Atlassian
- Disclosed date over 3 years ago
- Points 10
- Priority P3 Bugcrowd's VRT priority rating
- Status Resolved This vulnerability has been accepted and fixed
Summary by Captain_hook
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.