Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-1500Cross-site Scripting in Atlassian Greenhopper

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 55.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Atlassian GreenhopperAtlassian Jira
Timeline
PublishedFeb 13
Latest updateApr 23

Description

Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDatlassian/jira4.4.3

🔴Vulnerability Details

2
GHSA
GHSA-7qc8-6vj6-vfrq: Stored XSS vulnerability in UpdateFieldJson2022-04-23
CVEList
CVE-2012-1500: Stored XSS vulnerability in UpdateFieldJson2020-02-13

💥Exploits & PoCs

1
Exploit-DB
jira 4.4.3 / greenhopper < 5.9.8 - Multiple Vulnerabilities2012-09-04
CVE-2012-1500 — Cross-site Scripting in Atlassian | cvebase