CVE-2017-18039 — Cross-site Scripting in Atlassian Jira

CWE-79 — Cross-site Scripting6 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 57.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Atlassian Jira Server

Timeline

PublishedFeb 2

Latest updateMay 14

Description

The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5atlassian/jiraunspecified — 7.6.7+9

▶NVDatlassian/jira6.2.1 — 7.4.4+1

▶NVDatlassian/jira_server7.7.0 — 7.7.5+3

🔴Vulnerability Details

GHSA

GHSA-gh3c-5h89-f225: The IncomingMailServers resource in Atlassian Jira from version 6↗2022-05-14

▶

GHSA

GHSA-4vcq-p545-v548: The IncomingMailServers resource in Atlassian JIRA Server before version 7↗2022-05-13

▶

CVEList

CVE-2018-13387: The IncomingMailServers resource in Atlassian JIRA Server before version 7↗2018-07-16

▶

CVEList

CVE-2017-18039: The IncomingMailServers resource in Atlassian Jira from version 6↗2018-02-02

▶