Issue reminder templates allows Jira Administrators to insert script.

Description

This may cause XSS attacks by Jira Admins. But Jira by design allows Administrators to embed scripts in various places:

  • Announcement banner

  • Description of custom fields

But we will fix this because ability to add script to message template is not a useful feature.

Environment

None

Assignee

Deniz Oğuz

Reporter

Deniz Oğuz

Labels

None

Jira Version

None

Database Type/Version

None

Browser Type/Version

None

Fix versions

Priority

Major
Configure