CVE-2007-6617Cross-site Scripting in Atlassian Jira

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 35.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Atlassian Jira
Timeline
PublishedJan 3
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDatlassian/jira3.12

Patches

Patch: confluence.atlassian.comPatch: confluence.atlassian.com

🔴Vulnerability Details

2
GHSA
GHSA-wwhc-hp78-qq9x: Cross-site scripting (XSS) vulnerability in 500page2022-05-01
CVEList
CVE-2007-6617: Cross-site scripting (XSS) vulnerability in 500page2008-01-03
CVE-2007-6617 — Cross-site Scripting in Atlassian Jira | cvebase