CVE-2018-13395 — Cross-site Scripting in Atlassian Jira

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 54.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Atlassian Jira Server

Timeline

PublishedAug 28

Latest updateMay 13

Description

Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5atlassian/jiraunspecified — 7.6.8+10

▶NVDatlassian/jira< 7.6.8

▶NVDatlassian/jira_server7.7.0 — 7.7.5+4

🔴Vulnerability Details

GHSA

GHSA-m2gf-qjxm-22qm: Various resources in Atlassian Jira before version 7↗2022-05-13

▶

CVEList

CVE-2018-13395: Various resources in Atlassian Jira before version 7↗2018-08-28

▶