Please log in to bookmark issues
#2886 – 
Bug report
Click to toggle a vote for this issue
0 + 0
Time tracking started at Paused

Users with the privilege to post comments can store malicious code in the database or any other persistent media, by entering JavaScript code in the “Post Comment” field located inside all the reported issues. The inserted code will be executed every time the data is retrieved by another user.

How to reproduce
  1. Look for any issue and open it.
  2. Click on the “Post comment” button.
  3. In the “COMMENT” filed, type the following: ">; check the “SAVE MY CHANGES WITH THIS COMMENT” option and click on the “Create comment” button.
  4. As you can see, the injected script is executed, displaying an external site.
  5. Back to the issue where the comment was added and refresh the page to make sure the scrips is persistent.
  6. Finally, the script is executed again, as a proof that it has been saved in the application’s database.
Jun 25, 2020 (23:18)
Cross-Site Scripting code: "><img src="xss" onerror="window.

This issue only exists if the comment uses markdown syntax.
Important details
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Times and dates
  • Estimated time No time estimated
People involved
Other details
  • Not determined