CVE-2007-0885
published 2007-02-12CVE-2007-0885: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject…
PriorityP268medium6.8CVSS 2.0
AVNACMAuNCPIPAP
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
5.47%
91.8th percentile
Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Detection & IOCsextracted from sources · hover to see the quote
url{{BaseURL}}/jira/secure/BrowseProject.jspa?id=%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e↗
- →Look for HTTP GET requests to /jira/secure/BrowseProject.jspa with an `id` parameter containing HTML/script injection payloads (e.g., URL-encoded `">` or `<script>` sequences). ↗
- →Detect reflected XSS by checking HTTP 200 responses of Content-Type text/html that echo back the string `">alert(document.domain)` in the response body. ↗
- →The attack vector is a crafted `id` parameter value beginning with `">` to break out of an HTML attribute context and inject arbitrary script; monitor for URL-encoded variants `%22%3e` in requests to BrowseProject.jspa. ↗
- ·The vulnerability is specific to JIRA installations running the Rainbow.Zen (Rainbow Portal) extension; vanilla JIRA without this extension is not affected. ↗
- ·The affected CPE is cpe:2.3:a:rainbow_portal:rainbow.zen:*:*:*:*:*:*:*:* — all versions of Rainbow.Zen are listed as vulnerable; scope detection rules to hosts running this specific plugin. ↗
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vulncheck6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jvxq-rfm6-xrfm: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject
ghsa_unreviewed·2022-05-01
CVE-2007-0885 [MEDIUM] GHSA-jvxq-rfm6-xrfm: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject
Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
VulnCheck
rainbow_portal rainbow.zen Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2007·CVSS 6.8
CVE-2007-0885 [MEDIUM] rainbow_portal rainbow.zen Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
rainbow_portal rainbow.zen Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Affected: rainbow_portal rainbow.zen
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2007-0885
No detection rules found.
Exploit-DB
Atlassian JIRA 3.7.3 - BrowseProject.JSPA Cross-Site Scripting
exploitdb·2007-02-09
CVE-2007-0885 Atlassian JIRA 3.7.3 - BrowseProject.JSPA Cross-Site Scripting
Atlassian JIRA 3.7.3 - BrowseProject.JSPA Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/22503/info
Atlassian JIRA is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/jira/secure/BrowseProject.jspa?id=">alert('XSS')
Nuclei
Jira Rainbow.Zen - Cross-Site Scripting
nuclei·CVSS 6.8
CVE-2007-0885 [MEDIUM] Jira Rainbow.Zen - Cross-Site Scripting
Jira Rainbow.Zen - Cross-Site Scripting
Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Template:
id: CVE-2007-0885
info:
name: Jira Rainbow.Zen - Cross-Site Scripting
author: geeknik
severity: medium
description: Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which allows remote attackers to inject arbitrary web script or HTML via the id parameter.
impact: |
Attackers can execute arbitrary scripts in the victim's browser, leading to session hijacking or defacement.
remediation: |
Apply the latest security patches or upgrade to a patched version of Jira Rainbow.Zen to mitigate the Cross-Site Scrip
No writeups or analysis indexed.
http://osvdb.org/33683http://www.securityfocus.com/archive/1/459590/100/0/threadedhttp://www.securityfocus.com/bid/22503https://exchange.xforce.ibmcloud.com/vulnerabilities/32418http://osvdb.org/33683http://www.securityfocus.com/archive/1/459590/100/0/threadedhttp://www.securityfocus.com/bid/22503https://exchange.xforce.ibmcloud.com/vulnerabilities/32418
2007-02-12
Published
Exploited in the wild