Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-20824Cross-site Scripting in Atlassian Jira

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
10.8%
top 6.64%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Atlassian Jira
Timeline
PublishedMay 3
Latest updateMay 24

Description

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5atlassian/jiraunspecified7.13.1
NVDatlassian/jira< 7.13.1

🔴Vulnerability Details

2
GHSA
GHSA-7p7w-89xm-52j5: The WallboardServlet resource in Jira before version 72022-05-24
CVEList
CVE-2018-20824: The WallboardServlet resource in Jira before version 72019-05-03

💥Exploits & PoCs

1
Nuclei
Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting
CVE-2018-20824 — Cross-site Scripting in Atlassian Jira | cvebase