CVE-2016-6285Cross-site Scripting in Atlassian Jira

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.8%
top 26.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Atlassian Jira
Timeline
PublishedJan 31
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDatlassian/jira7.2.1

🔴Vulnerability Details

2
GHSA
GHSA-73j8-52vp-m475: Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations2022-05-17
CVEList
CVE-2016-6285: Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations2017-01-31
CVE-2016-6285 — Cross-site Scripting in Atlassian Jira | cvebase