⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2010-1164Cross-site Scripting in Atlassian Jira

CWE-79Cross-site Scripting6 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.6%
top 31.42%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Atlassian Jira
Timeline
PublishedApr 20
Latest updateMay 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDatlassian/jira14 versions+13

Patches

Patch: confluence.atlassian.comPatch: jira.atlassian.comPatch: confluence.atlassian.com

🔴Vulnerability Details

3
GHSA
GHSA-hq38-r2rw-x533: Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 32022-05-02
CVEList
CVE-2010-1164: Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 32010-04-20
VulnCheck
Atlassian Jira Server and Data Center Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2010

💬Community

1
Bugzilla
CVE-2009-2696 tomcat: missing fix for CVE-2009-07812010-07-21
CVE-2010-1164 — Cross-site Scripting in Atlassian Jira | cvebase