CVE-2017-16864 — Cross-site Scripting in Atlassian Jira
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 45.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 12
Latest updateMay 14
Description
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7