Summary by Atlassian
There was a stored XSS vulnerability in https://id.atlassian.com/manage/api-tokens via the token name.
CSRF AND STORED XSS WHICH LEADS TO STEALING OF SESSION COOKIES+ GENERATED PRIVATE API TOKENS IN id.atlassian.com WHICH perform basic authentication with Jira Cloud applications or Confluence Cloud
Disclosed by Nisheal_John- Program Atlassian
- Disclosed date over 4 years ago
- Points 10
- Priority P3 Bugcrowd's VRT priority rating
- Status Resolved This vulnerability has been accepted and fixed
Summary by Nisheal_John
XSS through Flash CSRF in id.atlassian.com